i dont see how that's true. in both worlds, a developer has to take the manual a... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

kbar13 on Jan 24, 2019 | parent | context | favorite | on: Our Software Dependency Problem

i dont see how that's true. in both worlds, a developer has to take the manual action to review published vulnerabilities and track down repos they own that are affected and upgrade the dependencies.

eeZah7Ux on Jan 25, 2019 [–]

No: with dynamic linking, and especially with Linux distributions, most of the work is automated and the patching is done by the distribution security team.

The time to write a patch and deliver it to running systems goes down to days or, more often, hours.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact