Re: On cadence and collaboration
Julien BLACHE wrote:
> You are in a fight against proprietary software (you made that clear
> through your wording in your first mail). One of the issues with
> proprietary platforms is that everyone running a given platform runs
> the same security holes.
> Now, that obviously applies equally if platform = Debian, but not if
> platform = Linux. There aren't different Windows vendors. There's only
> one. There are different Linux vendors. If they all offer the same
> thing, then we have another monoculture and we lose something,
> something very real.
> In the free software world, the diversity we have today, which is
> partly due to unaligned releases from the major vendors, is an asset.
> You have been talking a lot about the implications at our level and
> a bit about upstream, but there are implications downstream too that
> must not be overlooked and they might not be the most obvious.
Yes, I would have to agree with your point - having more distributions
on the same base version of something like Apache or OpenSSH does
increase the risk of a compromise being systemic rather than limited to
a particular vendor. The other side to the coin, though, would be the
benefits in terms of scrutiny and speed to resolve the issue (produce a
patch, at least) when it does happen. But it's a good point.