| ▲ | willsmith72 5 days ago | |
sounds like the best way to miss critical security upgrades | ||
| ▲ | christophilus 5 days ago | parent | next [-] | |
Why? If you had a package manager tell you "this is out of date and has vulnerability XYZ", you'd do a "gitpkg update" or whatever, and get the new code, review it, and if it passes review, deploy it. | ||
| ▲ | skydhash 5 days ago | parent | prev [-] | |
That’s why most mature (as in disciplined) projects have a rss feed or a mailing list. So you know when there’s a security bug and what to do about it. | ||