[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: On cadence and collaboration

Mark Shuttleworth <mark@ubuntu.com> wrote:

> Yes, I would have to agree with your point - having more distributions
> on the same base version of something like Apache or OpenSSH does
> increase the risk of a compromise being systemic rather than limited to
> a particular vendor. The other side to the coin, though, would be the
> benefits in terms of scrutiny and speed to resolve the issue (produce a
> patch, at least) when it does happen. But it's a good point.

Compromises and trade-offs :-)

That'd break common enterprise setups like having 2 firewalls running
different distributions. Not sure how you get around that once all the
distros commonly used/accepted in the enterprise world agree on
shipping the same version of server software.

Using another OS instead of another distribution is a big, big change
that costs a lot and increases the risks (a lot in the short term,
less in the long term) but might be the only way out.

It's one downside, but I think it matters and there are others.


 Julien BLACHE <jblache@debian.org>  |  Debian, because code matters more 
 Debian & GNU/Linux Developer        |       <http://www.debian.org>
 Public key available on <http://www.jblache.org> - KeyID: F5D6 5169 
 GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169 

Reply to: