Regressions are irrelevant in this context, you can accept regressions as someth... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ozim 3 months ago \| parent \| context \| favorite \| on: Pnpm has a new setting to stave off supply chain a... Regressions are irrelevant in this context, you can accept regressions as something you will deal with in case those happen or not. Simply installing update automatically you get pwned by bad guys, someone taking over your CI/CD server or infrastructure is not something acceptable.

otterley 3 months ago [–]

That makes the advice all the more important, rather than making it "irrelevant." My point was that people mistakenly believe point releases are safe to apply automatically. They're not, and not just because of security.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact