• BaumGeist@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    To the feature creep: that’s kind of the point. Why have a million little configs, when I could have one big one? Don’t answer that, it’s rhetorical. I get that there are use cases, but the average user doesn’t like having to tweak every component of the OS separately before getting to doom-scrolling.

    And that feature creep and large-scale adoption inevitably has led to a wider attack surface with more targets, so ofc there will be more CVEs, which—by the way—is a terrible metric of relative security.

    You know what has 0 CVEs? DVWA.

    You know what has more CVEs and a higher level of privilege than systemd? The linux kernel.

    And don’tme get started on how bughunters can abuse CVEs for a quick buck. Seriously: these people’s job is seeing how they can abuse systems to get unintended outcomes that benefit them, why would we expect CVEs to be special?

    TL;DR: That point is akin to Trump’s argument that COVID testing was bad because it led to more active cases (implied: being discovered).