Re: On cadence and collaboration
Mark Shuttleworth <firstname.lastname@example.org> wrote:
> Yes, I would have to agree with your point - having more distributions
> on the same base version of something like Apache or OpenSSH does
> increase the risk of a compromise being systemic rather than limited to
> a particular vendor. The other side to the coin, though, would be the
> benefits in terms of scrutiny and speed to resolve the issue (produce a
> patch, at least) when it does happen. But it's a good point.
Compromises and trade-offs :-)
That'd break common enterprise setups like having 2 firewalls running
different distributions. Not sure how you get around that once all the
distros commonly used/accepted in the enterprise world agree on
shipping the same version of server software.
Using another OS instead of another distribution is a big, big change
that costs a lot and increases the risks (a lot in the short term,
less in the long term) but might be the only way out.
It's one downside, but I think it matters and there are others.
Julien BLACHE <email@example.com> | Debian, because code matters more
Debian & GNU/Linux Developer | <http://www.debian.org>
Public key available on <http://www.jblache.org> - KeyID: F5D6 5169
GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169