A language in which you can't conditionally hot-patch other people's code requires modifications to happen upstream. Thus technical debates become political debates between the constituencies of multiple incompatible forks of "the" ecosystem. Version hell times fork wars.
The problem with maintaining a fork is not that security updates are many, but that distinguishing them from other updates is hard—robustness depends on "normal" cleanups. Cherry-picking fixes sans expertise will likely create "your own set of vulnerabilities", not make you safe.
-
-
True, but irrelevant. Users of a package will never be bothered to cherry-pick updates. They'll just follow a path of least resistance, e.g. 'does it break my program?' is the criterion. So, only security fixes that *also* require API changes would require special attention.