On Mon, Mar 30, 2015 at 2:20 PM, Hassan Schroeder <
hassan.schroeder / gmail.com> wrote:

> On Mon, Mar 30, 2015 at 11:10 AM, Besnik Ruka <bruka / targetedvictory.com>
> wrote:
> > This is ignorant and not helpful. There are many legacy applications out
> > there on older tech. Upgrading costs money and time, and that escalates
> > rapidly depending on the size of the app.
>
> IMO it's "ignorant" to stick your head in the sand and ignore security
> issues.
>
> Upgrading has costs; so does recovering from a preventable security
> exploit. And the longer your app goes without upgrading, the greater
> the exposure (and ultimately cost to upgrade or replace).
>

That's a dangerous message to preach if you want your community to
continue. If you say "Your version is insecure and you should spend weeks
of man-hours to upgrade, as should everyone who uses your product", then
you're likely to wind up with no one using your language because it's not
worth the effort.

Most places I've seen don't want to ignore security issues. However, they
have to produce some sort of product and they have limited resources to do
so. If Language X becomes so insecure that major upgrades are required
because the community quits supporting what everyone is using, then
Language X is used a lot less. Just because it's cool doesn't make it
worthwhile.

Leam

-- 
Mind on a Mission <http://leamhall.blogspot.com/>