When you don't update, you will eventually have software full of known security 
bugs. Known security bugs (if they aren't properly managed, like analyzing 
their impact and mitigating them) are arguably worse than unknown security bugs 
(ceteris paribus), because they are much cheaper to exploit.

The same does not apply to non-security bugs. The key difference is that 
security bugs are triggered on purpose, while other bugs are triggered 
accidentally.

It is questionable if old software with security patches (e.g. Debian stable, 
Firefox ESR) is better than fresh one or not. I see good arguments on both 
sides, so maybe it depends.

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/57eb6f16-91f9-497b-921b-d7d39beb93e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to