
Is it really "zero cost in maintenance" if that old code presents attack surface?



No, it's zero upfront cost in maintenance. Owning code always generates some maintenance/tech debt, but it is often opaque and not easily quantifiable.


IMO the secondary cost is really more ‘friction’ that results when making changes.

If no changes get made, then no friction.

And open source code can be and often is just abandoned. De facto, sometimes even de jure. User beware, use at your own risk, etc.


Proprietary code is just as often, if not more often, abandoned - you just don't notice it.


Sure, but proprietary code you can (somewhat) see who is calling it, and the group maintaining it is at least sometimes the group calling it - so has an incentive to not make it a bigger mess. Somewhat. So that part of the equation has less weight.

They have a counterbalancing thing, which is that no one can see it to shame them.


Does the open source code maintainer have liability for it, or necessarily need to do work in that case?

At worst they generally just suffer reputational damage, not actual cost or lost revenue, like a business would.



