Julien BLACHE wrote:
> You are on a fight against proprietary software (you made that clear
> through your wording in your first mail). One of the issues with
> proprietary platforms is that everyone running a given platform runs
> the same security holes.
>
> Now, that obviously applies equally if platform = Debian, but not if
> platform = Linux. There aren't different Windows vendors. There's only
> one. There are different Linux vendors. If they all offer the same
> thing, then we have another monoculture and we lose something,
> something very real.
>
> In the free software world, the diversity we have today, which is
> partly due to unaligned releases from the major vendors, is an asset.
>
> You have been talking a lot about the implications at our level and
> a bit about upstream, but there are implications downstream too that
> must not be overlooked and they might not be the most obvious.

Yes, I would have to agree with your point - having more distributions on the same base version of something like Apache or OpenSSH does increase the risk of a compromise being systemic rather than limited to a particular vendor. The other side to the coin, though, would be the benefits in terms of scrutiny and speed to resolve the issue (produce a patch, at least) when it does happen. But it's a good point.

Mark

