| doctorpangloss 3 hours ago |
| you have 1.0 installed. you enable 7 day cooldowns. an exploit is discovered in 1.0, and 1.1 is immediately released to fix the exploit. do you sit on 1.0 for 7 days? |
|
| trevor-e 3 hours ago |
| it specifically addresses this in the "The escape hatch" section... |
| |
| k3nx 36 minutes ago |
| So, the threat actor now, after making the compromise, just needs to announce that the previous version has a 0-day, and folks need to install the latest version? I love the idea of a cool down, but it can still be thwarted. I would just hope folks that are trying to patch a 0-day take extra caution to vet the new version. I wouldn't be opposed to a --cooldown 0 doing a side by side diff. I may not know what's going on in the code, but a 0-day shouldn't be a ton of new code either. |
|
|
| esafak 2 hours ago |
| Security updates bypass the cooldown. |
|