Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Do you?

Yes. At the end it's all about trust.

With a good community making hotpatches, and explaining their fixes I will install them.



The question was not would you install a random patch but would you be ok with the IRS installing random patches when creating a backdoor could easily be worth 100+million?


First, I don't like the "random patch" expression. I am talking about patches discussed by the reverse engineering and security community. IRS is already patching their systems in a similar way when they update a Linux distribution.


No really, The IRS will use something like Red Hat and the Red Hat Corporation will be providing a level of guarantee which the IRS can fall back on should they need to.

If they just pull patches from the community themselves, when something goes wrong they will have to take the blame themselves and people will think they are foolish being so reckless. As a techie, this option may seem feasible to you but then again you're just some random guy on HN who probably thinks node.js is the be all and end all of IT. I doubt you've got the intelligence (cleary) or the experience (very cleary) to understand how the IT industry works at a human, risk management and legal level.


It's funny how you talk about me without knowing me. You don't even made a background check to see if I adjust to your node.js bias.

No, my company sells hard core technology to big vendors and sign the kind of corporate contracts that you refer in your comment. Since the IRS will not solve the issue there is another route: selling a hotpatch service to another vendor who sells to the IRS.


> With a good community making hotpatches, and explaining their fixes I will install them.

You will have to be reassure that your patch will work and is risk free. If not, get ready for a bill and possibly a congressional hearing.

Good community is great, but you need to shift responsibility whenever possible. Not that there aren't any kernel hackers work in the public service sector, but they have other important things to do than fixing someone else' product if there's a choice.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: