Re: On cadence and collaboration

Julien BLACHE wrote:
> That'd break common enterprise setups like having 2 firewalls running
> different distributions. Not sure how you get around that once all the
> distros commonly used/accepted in the enterprise world agree on
> shipping the same version of server software.

Using two different versions of software is IMO no boon to security for
a series of reasons:
- Having a single compromised firewall is enough.
- There's no guarantee the different versions won't be affected by the
same security issues.
- There's more management work to follow the possible vulnerabilities,
which could be seen as making the attack surface bigger.
- Not to mention the lack of support, which has already been used as an
argument: since it's unlikely upstream would provide security updates
for two versions the burden would fall on the distro and the timeframe
for exploits gets a bit bigger.

But even if I'm wrong - which I could easily concede - this doesn't
serve as an argument, since you could just as easily use two different
versions of the same distribution, especially in scenarios where you can
deploy LTS and STS versions concurrently.
This would ease the management overhead and still keep the theoretical
security gains.

Leo "costela" Antunes
[insert a witty retort here]
