this post was submitted on 07 Jun 2024
199 points (96.7% liked)

Asklemmy

43902 readers
1029 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
199
deleted (sh.itjust.works)
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/[email protected]
 

deleted

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 56 points 5 months ago* (last edited 5 months ago) (4 children)

I would absolutely send him an email to the effect of

"Per our multiple verbal conversations, this is just to serve as notice that, in my professional opinion, your refusal to allow me to upgrade a system at risk of multiple security vulnerabilities on a platform that is no longer supported is a risk that you are choosing to accept against my advise."

with a list of known major vulnerabilities attached if possible.

That way at least if this comes back to bite the company on the ass, he can't say "Well he never told me this was a problem!"

[โ€“] [email protected] 21 points 5 months ago

this is the correct response.

get it in writing that they accept the risk that comes with not upgrading so it can't come back on you. all you can do is CYA and make recommendations - if management does not agree with your recommendations make sure you have it documented that you informed whoever is making the decision of the risk.

if you think your employer will somehow still try to hold you accountable for this, save the aforementioned correspondence using something your employer does not manage i.e. a personal device. you could also let other people than this specific individual know about this so it isn't just your word vs his.

[โ€“] [email protected] 18 points 5 months ago

Exactly. After that he can basically let it go. Unless he has some stake in the company or ite survival, he's done his job. It's his bosses problem, the one responsible.

[โ€“] [email protected] 14 points 5 months ago

And keep a copy off site

[โ€“] [email protected] -1 points 5 months ago

I disagree. That's a consultant-style answer. OP is an idiot newb three months into his first job with zero responsibility, and not in any position to "serve notice" or have any meaningful "professional opinion".