• BaumGeist@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    To the feature creep: that’s kind of the point. Why have a million little configs, when I could have one big one? Don’t answer that, it’s rhetorical. I get that there are use cases, but the average user doesn’t like having to tweak every component of the OS separately before getting to doom-scrolling.

    And that feature creep and large-scale adoption inevitably has led to a wider attack surface with more targets, so ofc there will be more CVEs, which—by the way—is a terrible metric of relative security.

    You know what has 0 CVEs? DVWA.

    You know what has more CVEs and a higher level of privilege than systemd? The linux kernel.

    And don’tme get started on how bughunters can abuse CVEs for a quick buck. Seriously: these people’s job is seeing how they can abuse systems to get unintended outcomes that benefit them, why would we expect CVEs to be special?

    TL;DR: That point is akin to Trump’s argument that COVID testing was bad because it led to more active cases (implied: being discovered).

      • TheKingBee@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        3 months ago

        is it overengineering or just a push back against “make each program do one thing well,” and saying yeah but I have n things to do and I only need them done, well or not I just need them done and don’t want to dig through 20 files to do it…