In essence, you are agreeing that this is the root cause, you just seem to believe it's unrealistic to fix it.

I actually think it's viable to fix, I am simply not sure if anyone would pay for it — basically, old LTS model from Linux distributions where a set of packages gets 5 or 10 years of guaranteed security updates (backported, maintaining backwards compatibility otherwise).

If one was to start a business of "give me a list of your FLOSS dependencies and I'll backport security fixes for you for X", what's X for you?




Aren't you just reinventing Red Hat?


That's the other way around (and also SuSE, Ubuntu LTS and even Debian stable): here are the things you can get security backports for vs here are the security backports for things you need.


