Hacker News new | comments | show | ask | jobs | submit login

| poor update policies

which ones? forcing them or not forcing them?




Neither.

1. Bundling them -- it should be trivial to turn off all non-security updates while still getting all security updates.

Counterpoint: There might be no unambiguous distinction between security update or non-security update.

2. Not having them. WannaCry was so bad because Microsoft stopped providing security updates for a system that's still widely used.

Counterpoint: It seems odd to insist Microsoft continue to provide updates to a fifteen-year-old system they end-of-lifed three years ago. Should we be able to force them to keep providing updates indefinitely by steadfastly refusing to upgrade?


In the wannacry event the policy of not applying updates was contributory to its spread. So 'not forcing them' being the less good choice.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: