Hi, I find it sad that people are still arguing for the developer-oriented "I only care about making application Y as easy to maintain on a wide variety of platforms as possible", and dismiss sysadmin security concerns as too inconvenient to follow, at the very same time one of the biggest proponents of this model, Oracle, is frantically trying to root out and eradicate all the old versions of its software due to exploitation in the wild of its security flaws. I'd think that would invalidate the approach pretty thoroughly (and to be fair Oracle inherited most of the mess from a Sun that didn't dare face developers with hard decisions. It is *no* coincidence that most problems are found in the java plugin, which was 'too hard' to open-source properly and that broke every single software project management rule in order to attract java developers). Are people still naïve enough to think shit only happens to the guy next door? When they'll have finally made every local app too unsafe to run, and forced everyone to use a daily-updated chrome, streaming apps from entities employing sysadmins that force their developers to update their deps in a timely manner, do they think their platform will still be relevant? Because this is what *I* am seeing in the market: slow pruning of entities unable to cope with modern security concerns, and hardening of "you shall not take the easy developer path" everywhere else. The longer you postpone security concerns the harder they are to handle, and the harder they are too handle the less competitive you get compared to others with better security hygiene. -- Nicolas Mailhot -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
