Hacker News new | past | comments | ask | show | jobs | submit login

[flagged]



Isn't 36 months 2 + 1 years?

Also, the point is still valid that 36 months (or 3 years) is still rather short security lifetime for a device. At some point (presumably soon now that carriers are dropping most device subsidies) the 2 year replacement scheme of mobile devices stops being sustainable and you do start to have to deal with the long tail of people sticking to 5-15 year old hardware devices.

Google seems to have little interest in anything beyond the short horizon and that security tech debt is going to come due.


>Isn't 36 months 2 + 1 years?

He stated "+1 for some fixes" which is incorrect as it implies that you may not get all of the security fixes for that additional year and only "some" of them.

>Also, the point is still valid that 36 months (or 3 years) is still rather short security lifetime for a device. At some point (presumably soon now that carriers are dropping most device subsidies) the 2 year replacement scheme of mobile devices stops being sustainable and you do start to have to deal with the long tail of people sticking to 5-15 year old hardware devices.

I agree it is rather short and the sooner Android OEM's can move from an SoC supplier, like Qualcomm, that only provides BSP support for 2 years the better.


«He stated "+1 for some fixes" which is incorrect as it implies that you may not get all of the security fixes for that additional year and only "some" of them.»

Interesting.

The OP's statement was for "upgrades" not security fixes; I read it as 2 years upgrades and 1 for security fixes beyond feature upgrades. The choice of "some" was ambiguous, but "upgrades" is much less ambiguous to me than you seem to consider and not something I'd directly confuse with "security fixes" alone and something that the (+ 1) seemed to directly add "security feature" context to me, despite the ambiguous wording.

Though that still raises the question of if Google properly subsets general (feature) upgrades and security fixes across that 2 + 1 time period. The ambiguous word choice of "some" could be an editorial indication that the OP considers that Google is likely to release some fixes in more general upgrades that don't fall into that (+ 1) time period. As a non-Android user/follower, I have no knowledge in that area and no opinion to offer of my own if that may in fact be the case. I'm also not the OP so I can't express whether or not that was an editorial opinion.

Even if it was an editorial opinion that was expressed, I'm still not convinced it was "disingenuous on purpose", as it may very well be a sincere/candid opinion of the OP. I can only leave that for the OP to comment on.


The OP said "updates" not "upgrades". The use of the word "some" is not correct regardless of what context you try to paint it in.


I stand by my remark, as I don't have a way to confirm what security updates Google bothers to release at all to "outdated" devices.


Of course there's a way to confirm what security updates Google releases. You just have to go to the Android Security Bulletin site [1]. You know this, but it would conflict with your agenda of spreading Google/Android FUD because of your perpetual grievances with Google surrounding the Google/Oracle trial.

[1]https://source.android.com/security/bulletin/


Where does it state which devices got which patch level?

Just because a fix is available today doesn't mean an old Nexus will get it.

As for agenda, as a consumer and developer, I want a device where I am able to use the same Java libraries as on a regular Java and get updates as on any of my computers without having to pay more than a month salary for such time limited privilege.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: