One mental model is that Linux distros are really just curated package repositories, with all the upsides and drawbacks that come with that. Especially regarding their dogmatic insistence that across the entire repository there's only a single (or at most several) versions of any given library.


Aren't developers always using the same version and blindly downloading and running malicious code doing the same thing, running a single version?

Only those were harmed. And by harmed it was just really a bunch of test runs failing; I guess no production workload was impacted by that jerk move.


Right, but my point is this code, in and of itself, really isn't malicious. It's only malicious in the context of "version XYZ used to do X, now it does Y". If you make versions indelible, you eliminate the potential for this to blow up as an issue.
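The thread's point is that a package version only becomes dangerous when its contents can change after the fact. The consumer-side way to make a version effectively indelible is to pin a content hash alongside the version, the way lockfile integrity fields do. The following is an added illustration, not code from the thread or from any package manager: it builds a minimal lockfile from constructed artifact bytes and then verifies a later download against it, so a re-published artifact under the same version string is rejected. The package name `pad`, the version `1.0.0` and both artifact payloads are made up for the example.

```python
import hashlib
import json

# Constructed sample "artifacts": byte strings standing in for package
# tarballs. These are invented for the example, not real packages.
ORIGINAL_ARTIFACT = b"module.exports = function pad(s, n) { return s.padStart(n); }\n"
TAMPERED_ARTIFACT = b"module.exports = function pad(s, n) { while (true) {} }\n"


def digest(data: bytes) -> str:
    """Return 'sha256-<hex>' in the style of a lockfile integrity field."""
    return "sha256-" + hashlib.sha256(data).hexdigest()


def build_lockfile(resolved: dict) -> str:
    """Record the exact version and content hash of every resolved dependency.

    `resolved` maps 'name@version' to the artifact bytes that were downloaded
    at resolution time. The resulting JSON is what gets committed next to the
    manifest, so later installs are bound to these exact bytes.
    """
    entries = {spec: {"integrity": digest(data)} for spec, data in resolved.items()}
    return json.dumps({"dependencies": entries}, indent=2, sort_keys=True)


def verify_artifact(lockfile: str, spec: str, data: bytes) -> bool:
    """True only if `data` matches the hash pinned for `spec` in the lockfile.

    A version that was re-published with different contents keeps the same
    'name@version' string but hashes differently, so it fails here. A spec
    that is not in the lockfile at all is also rejected rather than trusted.
    """
    entries = json.loads(lockfile)["dependencies"]
    if spec not in entries:
        return False
    return entries[spec]["integrity"] == digest(data)


def check_install(lockfile: str, fetched: dict) -> list:
    """Return the sorted list of specs whose fetched bytes do not match the lockfile.

    An empty list means every fetched artifact is byte-for-byte what was locked.
    """
    return sorted(spec for spec, data in fetched.items()
                  if not verify_artifact(lockfile, spec, data))


# Lockfile produced at the time the good version was first resolved.
LOCKFILE = build_lockfile({"pad@1.0.0": ORIGINAL_ARTIFACT})

if __name__ == "__main__":
    # Same bytes as locked: nothing to report.
    print(check_install(LOCKFILE, {"pad@1.0.0": ORIGINAL_ARTIFACT}))
    # Same version string, different bytes: flagged before anything runs.
    print(check_install(LOCKFILE, {"pad@1.0.0": TAMPERED_ARTIFACT}))
```

The check runs on the downloaded bytes before any install script or test executes, which is the point in the thread: the code in the new artifact need not look malicious to be caught, because the comparison is against what version 1.0.0 was when it was locked, not against a notion of what malicious code looks like.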

