I've seen a few pair of founders with great success have an agreement that one could at any point for any reason, decide to buy out the other party. Catch is that if you invoke that the other party can switch it around and demand that you accept that pay for your share.
It's crystal clear what and how, and you're not going to try and low ball it because you can be forced to sell for that yourself. I don't think it's perfect, but it is simple, self correcting and crystal clear.
This only works well if the parties have equal access to that kind of cash. Otherwise you might get into a situation where the richer founder can just decide to buy the other founder out at a price which is unfair but still beyond their cash means.
That assumes that the founders have enough intimate knowledge of the other founders personal financial situation. They clearly risk becoming a victim of it them if the other founder can find enough money.
If a company is clearly worth more than the offer, finding outside investment or even traditional financing through the bank shouldn't pose that much of an issue.
> Catch is that if you invoke that the other party can switch it around and demand that you accept that pay for your share.
I'm kinda curious how the low-level details of that work out. Do you have some sort of 3rd-party service which temporarily holds one founder's offer and gives the other founder N days to make a decision? Or is there some other mechanism to prevent the founder initiating a buy out from backing out ("no you see, I wasn't actually serious about buying you out!").
The mechanism is triggered by one founder making a clear statement, usually in writing, that they want to trigger it. From that moment on, they are bound to it.
Apart from invoking it in writing, I think such manoeuvres go through a lawyer, which a court will usually accept them as stating the truth about when an offer was send and received. I'm also sure the clause have some text about how long the other founder has to answer and how long they have to come up with the money if they decide to switch it around.
What should they do instead? You have to rush to patch in any case. If the maintainers start to label commits with "security patch" the logical step is that it doesn't require immediate action when the label is not there. Never mind that the bug might actually be exploitable but undiscovered by white hats.
If you do not want to rush to patch more than you have to, use a LTS kernel and know that updates matter and should be applied asap regardless of the reason for the patch.
When someone submits a patch for a vulnerability label the commit with that information.
> You have to rush to patch in any case.
The difference is how much of a head start attackers have. Attackers are incentivized to read commits for obfuscated vulns - asking defenders to do that is just adding one more thing to our plates.
That's a huge difference.
> the logical step is that it doesn't require immediate action when the label is not there.
So I can go about my patch cycle as normal.
> Never mind that the bug might actually be exploitable but undiscovered by white hats.
OK? So? First of all, it's usually really obvious when a bug might be exploitable, or at least it would be if we didn't have commits obfuscating the details. Second, I'm not suggesting that you only apply security labeled patches.
Don't know why your other comment got downvoted. Silently patching bugs has left many LTS kernels vulnerable to old bugs, because they weren't tagged as security fixes. Also leads to other issues..: https://grsecurity.net/the_life_of_a_bad_security_fix
I've read the post before, I've seen the talk, and frankly it's been addressed a number of times. It's the same silly nonsense that they've been touting for decades ie: "a bug is a bug".
They don’t need to label it security even, just a “upgrade now, upgrade soon, upgrade whenever”.
But they clearly don’t want nor care about making that call (and even more clearly basically expect everyone to run the latest kernel at all times (and if you run into a bug there no doubt you’ll be told to not run the latest kernels).
I think you missed my point. Attackers will go through commits regardless of a "Security Patch" tag.
But going about your normal patch cycle as normal for things not labelled "Security Patch", just means if the patch for some reason should have been tagged but wasn't, you're in the same situation.
I do see the value in your approach, but it just does not change anything for applications where security is top priority.
Well Xen for instance includes a reference to the relevant security advisory; either "This is XSA-nnn" or "This is part of XSA-nnn".
> If the maintainers start to label commits with "security patch" the logical step is that it doesn't require immediate action when the label is not there. Never mind that the bug might actually be exploitable but undiscovered by white hats. If you do not want to rush to patch more than you have to, use a LTS kernel and know that updates matter and should be applied asap regardless of the reason for the patch.
So reading between the lines, there are two general approaches one might take:
1. Take the most recent release, and then only security fixes; perhaps only security fixes which are relevant to you.
2. Take all backported fixes, regardless of whether they're relevant to you.
Both Xen and Linux actually recommend #2: when we issue a security advisory, we recommend people build from the most recent stable tip. That's the combination of patches which has actually gotten the most testing; using something else introduces the risk that there are subtle dependencies between the patches that hasn't been identified. Additionally, as you say, there's a risk that some bug has been fixed whose security implications have been missed.
Nonethess, that approach has its downsides. Every time you change anything, you risk breaking something. In Linux in particular, many patches are chosen for backport by a neural network, without any human intervention whatsoever. Several times I've updated a point release of Linux to discover that some backport actually broke some other feature I was using.
In Xen's case, we give downstreams the information to make the decisions themselves: If companies feel the risk of additional churn is higher than the risk of missing potential fixes, we give them the tools do to so. Linux more or less forces you to take the first approach.
Then again, Linux's development velocity is way higher; from a practical perspective it may not be possible to catch the security angle of enough commits; so forcing downstreams to update may be the only reasonable solution.
At that level of optimization, the problem is not isolated. With Starlink the gain by using lasers is potentially lost with the additional processing that needs to happen when bouncing over multiple satellites.
If you could have responsive and rich UI/UX 30-40 years ago you don't need anything but a highly efficient core prioritizing the UI. No need to waste energy on a super fast core.
Usually this is solved by including domain experts on the development teams. Their responsibility is not to program, but to document and verify that the test cases are adequate. This is well known, but often ignored because it's expensive.
In a corporate environment I insist on treating warnings as errors. They are warnings for a reason and it will lead to hard to debug errors in a sufficiently large codebase/team. Enabling it after the fact is a chore, but once it working its not much extra work.
Linting I only use for adding/correcting a file header, order or methods or other things that it can fix automatically.
I think it's less nefarious than that. The vendor did not fulfil their end of the contract, so the contract is voided and the money is transferred back. If the bank starts to go into do partial refunding they could suddenly be spending a lot more on this service.
It's crystal clear what and how, and you're not going to try and low ball it because you can be forced to sell for that yourself. I don't think it's perfect, but it is simple, self correcting and crystal clear.