Comment by chii

Comment by chii 2 months ago

4 replies

View on Hacker News

> stops being maintained and the lack of updates makes it fatally insecure or something

which doesn't happen instantly. For example, the end of life of the old java versions (1.5, 7 and 8 etc) - plenty of companies simply just paid a support fee and get support, while others paid to upgrade (or even change stack).

Most open source software, even with lack of updates, does not immediately start failing. The huge amount of time and leeway, even with security issues, is what prevents it from being critical, and prevents OSS from causing a bankruptcy.

squigz 2 months ago

> what prevents it from being critical

Well, there's plenty of mission-critical FOSS used by plenty of companies. But you are right in that it doesn't just fail one day, and companies have plenty of time and options for dealing with abandoned FOSS.

(Which is one of the major benefits of FOSS. It's more likely with proprietary software that it can just disappear one day, with little recourse for users.)

Reply View 0 replies
mgkimsal 2 months ago

> For example, the end of life of the old java versions (1.5, 7 and 8 etc) - plenty of companies simply just paid a support fee and get support, while others paid to upgrade (or even change stack)

And plenty others simply keep using the old 1.8 version because there's no budget to upgrade and there's no budget to 'pay a support fee'. And there's no budget to 'change stack'. Because... there's no budget.

Convincing people you need to upgrade or switch to keep current is often a hard problem, and sometimes has to be done with "you'll get all these new features!". But often "hey, we need some money to upgrade system X" is met with "hrm... it's software! It doesn't rot!".

Reply View 0 replies
throwaway2037 2 months ago

    > paid a support fee and get support
I cannot prove it, but I am convinced this is an important revenue stream for Redhat. They will patch an ancient Linux kernel forever if you pay them. I have worked at multiple companies where we were running ancient Linux kernels than received regular security updates, courtesy of our Redhat subscription!
Reply View 0 replies
DoreenMichele 2 months ago

And your point is?

Me: "I think you cannot get corporations to cough up without some ridiculous extreme event like a behemoth dying. And I'm not holding my breath that would really do it."

You: "Your extreme ridiculous scenario is extremely ridiculous and here's why..."

Rinse and repeat.

Reply View 0 replies