Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://hachyderm.io/users/dalias/statuses/114590717905238058">Rich Felker (dalias@hachyderm.io)'s status on Thursday, 29-May-2025 19:46:36 JST</a><a href="https://hachyderm.io/@dalias" title="dalias@hachyderm.io"><img src="https://gnusocial.jp/avatar/40873-48-20221207231635.webp" width="48" height="48" alt="Rich Felker" style="position: absolute; left: 0; top: 0;">Rich Felker</a><div><a href="https://social.glitched.systems/notes/a8cjvz0cslph017u" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/320612" title="sparklepanic@infosec.exchange">Raven (she/they)  🏳️‍⚧️</a></li></ul></div></section><article><p><a href="https://social.glitched.systems/@froge">@froge</a> <a href="https://infosec.exchange/@sparklepanic">@sparklepanic</a> It's not stupid. Most "security updates" are nonsense because the software isn't attack surface. Updates must *never* be mandatory. If a piece of software is doing dangerous shit that makes it attack surface, it needs a privacy respecting way to monitor for advisories from a neutral source the publisher can't track, and pinging that source must still be optional, not forced.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5118510#notice-10041048">In conversation</a><time datetime="2025-05-29T19:46:36+09:00" title="Thursday, 29-May-2025 19:46:36 JST">about 5 days ago</time> <span>from <span><a href="https://hachyderm.io/@dalias/114590717905238058" rel="external" title="Sent from hachyderm.io via ActivityPub">hachyderm.io</a></span></span><a href="https://hachyderm.io/@dalias/114590717905238058">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Thursday, 29-May-2025 19:46:36 JSTRich Felker
in reply to
- CyberFrog
- Raven (she/they) 🏳️‍⚧️
@froge @sparklepanic It's not stupid. Most "security updates" are nonsense because the software isn't attack surface. Updates must *never* be mandatory. If a piece of software is doing dangerous shit that makes it attack surface, it needs a privacy respecting way to monitor for advisories from a neutral source the publisher can't track, and pinging that source must still be optional, not forced.
In conversationabout 5 days ago from hachyderm.iopermalink

Public

Embed Notice

HTML Code

Corresponding Notice