> if they saw the risk as large enough.
replyIf you expose people to the true risks instead of allowing them to be ignorant, the conclusion that they might come to is that they shouldn’t develop software at all.
Really? You think the alternate mode where you're running 5-year-old versions of stuff with tons of known security flaws is better?
replyWhat part of "We reviewed all relevant CVEs as they came out to make a call on if they apply to us or not and how we mitigate or address them" gave you that impression?
reply>running 5-year-old versions of stuff with tons of known security flaws
replyNo one in this thread proposed that, or anything that could be reasonably assumed to have meant that.