Mark Shuttleworth <m...@ubuntu.com> wrote:

> Yes, I would have to agree with your point - having more distributions
> on the same base version of something like Apache or OpenSSH does
> increase the risk of a compromise being systemic rather than limited to
> a particular vendor. The other side to the coin, though, would be the
> benefits in terms of scrutiny and speed to resolve the issue (produce a
> patch, at least) when it does happen. But it's a good point.

Compromises and trade-offs :-)

That'd break common enterprise setups like having 2 firewalls running
different distributions. Not sure how you get around that once all the
distros commonly used/accepted in the enterprise world agree on shipping
the same version of server software.

Using another OS instead of another distribution is a big, big change
that costs a lot and increases the risks (a lot in the short term, less
in the long term) but might be the only way out.

It's one downside, but I think it matters and there are others.

JB.

-- 
Julien BLACHE <jbla...@debian.org> | Debian, because code matters more
Debian & GNU/Linux Developer | <http://www.debian.org>
Public key available on <http://www.jblache.org> - KeyID: F5D6 5169
GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169