pvtmert 2 days ago

I liked the author's pragmatic take on stability. Indeed, running bleeding edge now has implications for a greater attack surface as supply-chain attacks are getting more and more common.

A nice and sincere excerpt from the recent past...

> Back when the XZ backdoor was introduced, I was scrolling through news on my Debian Sid laptop with some code compiling in the background. I learned of a backdoor in XZ Utils, potentially introduced by a state actor in version v5.6.0. Thinking back to the fact that I do, indeed, run a bleeding edge distro and update often, I immediately ran apt list --upgradable | grep xz-utils. Sure enough, the stains on my laptop from the coffee I spat out through the nose were pretty tough to deal with.
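A check along the lines of the command in the quoted excerpt, as an added example that is not part of this thread or of the quoted article: a POSIX shell script that parses the first line of xz --version output and apt list style package lines (the sample lines are constructed here) and flags the two releases that shipped the CVE-2024-3094 backdoor, 5.6.0 and 5.6.1. The "+really" handling assumes Debian's rollback package naming (5.6.1+really5.4.5-1), where the real upstream version is the part after "+really".

```shell
#!/bin/sh
# Added example, not code from the thread or the quoted article.
# Flags an installed xz-utils whose upstream version is one of the two
# releases that carried the CVE-2024-3094 backdoor (5.6.0 and 5.6.1).

# Returns 0 (true) when the given upstream version string is a backdoored release.
xz_version_is_backdoored() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Extracts the version from the first line of `xz --version` output,
# which looks like: "xz (XZ Utils) 5.4.5". Prints nothing if unparsable.
xz_version_from_output() {
    printf '%s\n' "$1" | sed -n '1s/^xz (XZ Utils) \([0-9][0-9.]*\).*$/\1/p'
}

# Extracts the upstream version from an `apt list` style line such as
# "xz-utils/unstable,now 5.6.1-1 amd64 [installed]", dropping the Debian
# revision after the dash. Assumes Debian's rollback naming convention
# "5.6.1+really5.4.5-1": the real upstream version follows "+really".
xz_version_from_apt_line() {
    _up=$(printf '%s\n' "$1" | sed -n 's/^xz-utils\/[^ ]* \([^ ]*\)-[0-9][^ ]*.*$/\1/p')
    case "$_up" in
        *+really*) _up=${_up##*+really} ;;
    esac
    printf '%s\n' "$_up"
}

# Verdict on a captured `xz --version` first line.
# Returns 0 if backdoored, 1 if not, 2 if the line could not be parsed.
check_xz_output() {
    _ver=$(xz_version_from_output "$1")
    if [ -z "$_ver" ]; then
        echo "could not parse xz version from: $1" >&2
        return 2
    fi
    if xz_version_is_backdoored "$_ver"; then
        echo "xz $_ver is a backdoored release (CVE-2024-3094)"
        return 0
    fi
    echo "xz $_ver is not one of the backdoored releases"
    return 1
}

# Live check on this machine, only when xz is on PATH.
if command -v xz >/dev/null 2>&1; then
    check_xz_output "$(xz --version 2>/dev/null | head -n 1)" || true
fi
```

Note that the apt line parser reports the upstream version, not the Debian package version: a package string of 5.6.1+really5.4.5-1 is a clean 5.4.5 even though it sorts above 5.6.1, which is exactly the case a naive string match on "5.6.1" would get wrong.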

kdhaskjdhadjk 2 days ago

To put a finer point on it: running bleeding edge does not just now have implications of a greater attack surface; it always has had such implications.

It's just that a tiny fragment of people are suddenly becoming aware of this fact (the masses always remain clueless), whereas others have known it for some time. These people are referred to as "crazy tinfoil hat nutters."

pixl97 2 days ago

Eh, there are two competing drives occurring here.

Back in the day, before security was the biggest driver of updating software, most people stayed a version or two back to ensure they weren't getting the latest corruption bug of the day or whatever other insect was coded in.

But modern internet-connected systems have pushed customers into more of an issue. It switched from "stay a version behind to see what bugs are there" to "if you don't update now, you're going to get hacked."

So this is the situation at hand.

If you don't update you're going to get hacked.

If you update you're going to get hacked.

kdhaskjdhadjk 2 days ago

The conclusion is, computer security does not actually exist.