Isaiah Nathanael

Isaiah Nathanael@lemmy.ml · 4 days ago

Do browsers need to do so much? Many features seem like bloat, not must-haves for the average user.

Isaiah Nathanael@lemmy.ml · 4 days ago

Kewl. But.

A core criticism of the OpenSSF Criticality Score is that it’s a popularity contest, not a security audit. Paraphrasing.

The score is good at identifying widely used projects based on metrics like the number of contributors and dependencies. However… it can give a low score to a crucial, stable project that simply isn’t very active. Most importantly, it doesn’t actually check the code or security practices. A high score means a project is a big target, not that it’s a secure one.

Isaiah Nathanael@lemmy.ml · 4 days ago

This outcome is predictable, as these corporations tend to avoid consequences.

Isaiah Nathanael@lemmy.ml · 5 days ago

they don’t fix bugs… they patch shame.

Isaiah Nathanael@lemmy.ml · 5 days ago

For fixed-release distros (Debian/Ubuntu), the upgrade path is usually sequential.

The main implication: if you skip, you’re outside the tested upgrade path. That can mean broken packages, orphaned configs, security regressions, or a system that simply won’t boot. Sometimes you can force it and it’ll work, but it’s a gamble…