Installing packages or updating is not a profession

Posted Sep 14, 2009 21:08 UTC (Mon) by man_ls (guest, #15091)
In reply to: Installing packages or updating is not a profession by NAR
Parent article: Attacks against WordPress installations

But that's not a problem -- it's a known trade-off, and GNU/Linux distributors have chosen one path. Nobody forces you to use a distributor -- in fact you might just compile everything statically and upgrade each bit independently. But nobody has chosen that path, because of the enormous waste and bloat. And also because, as the number of copies of a library grows, the probability that all of them are upgraded when a security hole is found approaches zero. Especially given that most of those programs cannot be upgraded automatically, and if users had to pay attention to all those upgrades they would do little else in their lives. The result? Tons of malware.

The Windows solution does not work IMHO. World domination yes, but at what price?