Julien BLACHE wrote:
> That'd break common enterprise setups like having 2 firewalls running
> different distributions. Not sure how you get around that once all the
> distros commonly used/accepted in the enterprise world agree on
> shipping the same version of server software.

Using two different versions of software is IMO no boon to security for a series of reasons:
- Having a single compromised firewall is enough.
- There's no guarantee the different versions won't be affected by the same security issues.
- There's more management work to follow the possible vulnerabilities, which could be seen as making the attack surface bigger.
- Not to mention the lack of support, which has already been used as an argument: since it's unlikely upstream would provide security updates for two versions, the burden would fall on the distro and the timeframe for exploits gets a bit bigger.

But even if I'm wrong - which I could easily concede - this doesn't serve as an argument, since you could just as easily use two different versions of the same distribution, especially in scenarios where you can deploy LTS and STS versions concurrently. This would ease the management overhead and still keep the theoretical security gains.

Cheers

--
Leo "costela" Antunes
[insert a witty retort here]