💾 Archived View for station.martinrue.com › marginalia › d1fda183890b4c84a97ece07934f7f29 captured on 2023-04-20 at 01:22:08. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
This log4j/jndi shitstorm is entertaining to no end. At work we got a mass BCC email urging us to update the default jdk due to nebulous "licensing issues". Right, that seems totally legit. No CYA at all.
1 year ago
I'd argue this exposes the bad idea in the "package store"-model of dependency management in general, something that is so convenient it's been creeping into a lot of languages. It inevitably does produce horrendously bloated and insecure software. Give me a good standard library any day. log4j doesn't need to do half the things it can do. · 1 year ago