Re: On cadence and collaboration

To: Mark Shuttleworth <mark@ubuntu.com>
Cc: debian-project@lists.debian.org
Subject: Re: On cadence and collaboration
From: Julien BLACHE <jblache@debian.org>
Date: Wed, 05 Aug 2009 23:01:43 +0200
Message-id: <[🔎] 873a86f008.fsf@sonic.technologeek.org>
In-reply-to: <[🔎] 4A79EFDC.5030204@ubuntu.com> (Mark Shuttleworth's message of "Wed, 05 Aug 2009 21:47:24 +0100")
References: <[🔎] 4A794F22.7090902@ubuntu.com> <[🔎] 87hbwmh79e.fsf@sonic.technologeek.org> <[🔎] 4A797925.7050504@ubuntu.com> <[🔎] 87d47ah1ub.fsf@sonic.technologeek.org> <[🔎] 4A799481.8090902@ubuntu.com> <[🔎] 87r5vqf486.fsf@sonic.technologeek.org> <[🔎] 4A79EFDC.5030204@ubuntu.com>

Mark Shuttleworth <mark@ubuntu.com> wrote:

> Yes, I would have to agree with your point - having more distributions
> on the same base version of something like Apache or OpenSSH does
> increase the risk of a compromise being systemic rather than limited to
> a particular vendor. The other side to the coin, though, would be the
> benefits in terms of scrutiny and speed to resolve the issue (produce a
> patch, at least) when it does happen. But it's a good point.

Compromises and trade-offs :-)

That'd break common enterprise setups like having 2 firewalls running
different distributions. Not sure how you get around that once all the
distros commonly used/accepted in the enterprise world agree on
shipping the same version of server software.

Using another OS instead of another distribution is a big, big change
that costs a lot and increases the risks (a lot in the short term,
less in the long term) but might be the only way out.

It's one downside, but I think it matters and there are others.

JB.

-- 
 Julien BLACHE <jblache@debian.org>  |  Debian, because code matters more 
 Debian & GNU/Linux Developer        |       <http://www.debian.org>
 Public key available on <http://www.jblache.org> - KeyID: F5D6 5169 
 GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169

Reply to:

Follow-Ups:
- Re: On cadence and collaboration
  - From: "Leo \"costela\" Antunes" <costela@debian.org>

References:
- On cadence and collaboration
  - From: Mark Shuttleworth <mark@ubuntu.com>
- Re: On cadence and collaboration
  - From: Julien BLACHE <jblache@debian.org>
- Re: On cadence and collaboration
  - From: Mark Shuttleworth <mark@ubuntu.com>
- Re: On cadence and collaboration
  - From: Julien BLACHE <jblache@debian.org>
- Re: On cadence and collaboration
  - From: Mark Shuttleworth <mark@ubuntu.com>
- Re: On cadence and collaboration
  - From: Julien BLACHE <jblache@debian.org>
- Re: On cadence and collaboration
  - From: Mark Shuttleworth <mark@ubuntu.com>

Prev by Date: Re: On cadence and collaboration
Next by Date: Re: On cadence and collaboration
Previous by thread: Re: On cadence and collaboration
Next by thread: Re: On cadence and collaboration
Index(es):
- Date
- Thread