This has been an issue in the past, where NGINX disagreed with a CVE being assigned, but a CVE is the easiest way to get a vulnerability fixed across the ecosystem and in the distributions that distribute NGINX.
Each time something is silently fixed, it takes much longer and is much harder to actually get the fix approved/backported/whatever is necessary to get it fixed.