"Unfortunately in the bank where I work it is not easy to change the version, it requires lots of resources to retest." says a reporter who uses a ten-year-old #curl version with a suspected bug... The problem is not open source.
@bagder So they reported a bug on a 10 year old version instead? To what end? They would have to do their costly deployment anyways? 🤔

@LangerJan @bagder it's not quite the same, because taking the curl version they have (10 years old) and applying a patch which doesn't affect the API, may not mean rebuilding/retesting their whole stack.

Moving forward ten years in curl will likely cause a cascade of lots of other dependencies which are now broken because curl did a hyperspace jump forward

I think it's a bureaucracy requirement: if they can label the upgrade as a "minimal surface critical patch update" or whatever magical words, they can deploy it without going through the full retest / recertification

CC: @[email protected]
@bagder This I would name misaligned Governance and Compliance when you apply any software without proper upgrading/bugfixing processes.
@TheTomas @bagder Supposedly the bug gets fixed. How would they upgrade? Or should the version number stay the same?
@bagder "To get a response to your question, please sign this consulting contract with the hourly rate of..."
@bagder did they demand you fix the old version retrospectively with an insane deadline and dire consequences? 😬
@dec_hl @bagder and if you did release a bugfix for an ancient version, they'd have to do all their testing against the special bugfix release, rather than the latest supportable version anyway.
@zymurgic @dec_hl @bagder it's possible they have an abbreviated process for testing/deploying a patch to an approved version.
@draeath @zymurgic @dec_hl @bagder I’ve seen software where manually building specific modules with patches is seen as preferable to just getting a new build… despite how much that runs the risk of incompatibilities between the code, and porting errors
@bagder then why bother reporting.....

@bagder lol, Bank has the money, this is the most bank behavior ever

edit: Rihanna is the only appropriate response to a bank pleading poverty: https://youtu.be/N-w8lEL_0y4&t=69
@bagder It's ok, we just need a mandatory cool down so that we
1. Get slower response and testing of new releases
2. Motivate people even less to upgrade.

We know it is the right thing to do, because Security Experts told us. The same ones who keep demanding "Secure Coding Guidelines" training, which has not worked for the past few decades.

@bagder Had a similar comment recently at a company where I consulted on cybersec. "Our customers won't upgrade to the latest version because they only run versions they've certified themselves on all their equipment".

My followup was: "Ask them what version of iOS and Android runs on all their phones" ...

@bagder I see that sometimes. This is where "you are free to cherry-pick the specific patches and all prerequisites" is a valid response. Because it is true, unlike with closed source dependencies.

#opensource

@bagder that sounds the kind of request that can be answered with a price quote with an unreasonable number of 0s.
@bagder
I've heard that banks are not good environments to work in, technology-wise. For example, they're maintaining & using COBOL programs written decades ago.
@sloanlance @bagder there's also loads of Java and quite some Python.

@bagder It's not much better in other areas. For a few years I was working for a company doing TV decoders (air, cable, sat). We had a bunch of reports from the field that there were problems with WiFi connectivity. A quick glance at our WiFi stack (wpasupplicant, connman): I don't remember the exact age, but it was at least three years old. It took me some time to convince my chain of command that we needed to update the whole stack. They were very hesitant, because, quote, "we may introduce new bugs". Well, yes, I agree, there is a risk. But we already HAVE bugs, which affect the business of the customer.

Long story short: updated the stack, bugs had disappeared, and the connectivity situation improved.

BTW, I use the reluctance to change as a metric of the health of a s/w company. And if the org is afraid, above a certain level, of making changes, then it says something about the effectiveness of their tests.

And banks, well, they are very risk averse. I've been working in that industry for a few years as well, and I have some stories...