Hacker News new | past | comments | ask | show | jobs | submit login

I'd just be happy if by law, security updates had to be updated monthly, with weekly and daily for certain criticals, for a minimum of 5 years.

And maybe a 10% revenue fine, yes revenue, for each missed metric.




In the EU, this will be the case from next year on (2025-06-20). No monthly security patch frequency requirement, but instead "security updates [...] need to be available to the user at the latest 4 months after the public release of the source code of an update of the underlying operating system" [1].

Complying with this new regulation and bumping the Linux kernel version during the device life cycle was also a topic at this year's Linux Plumbers Android MC. [2][3]. This is necessary because the Linux LTS support timeframe is shorter than the by law mandated minimum support period of 5 years.

[0] https://news.ycombinator.com/item?id=41128358

[1] https://eur-lex.europa.eu/eli/reg/2023/1670/oj

[2] https://youtu.be/b9xXCNYMWjY?si=yxDJUbJHko8HvFTA&t=458

[3] https://lpc.events/event/18/contributions/1740/attachments/1...


Chrome OS devices (depending on release date) are good for up to 10 years.

https://support.google.com/chrome/a/answer/6220366?hl=en


Such a draconian measure for measly 5 years?




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: