๐พ Archived View for station.martinrue.com โบ marginalia โบ d1fda183890b4c84a97ece07934f7f29 captured on 2023-07-22 at 18:18:14. Gemini links have been rewritten to link to archived content
โฌ ๏ธ Previous capture (2023-01-29)
-=-=-=-=-=-=-
This log4j/jndi shitstorm is entertaining to no end. At work we got a mass BCC email urging us to update the default jdk due to nebulous "licensing issues". Right, that seems totally legit. No CYA at all.
2 years ago
I'd argue this exposes the bad idea in the "package store"-model of dependency management in general, something that is so convenient it's been creeping into a lot of languages. It inevitably does produce horrendously bloated and insecure software. Give me a good standard library any day. log4j doesn't need to do half the things it can do. ยท 2 years ago