[Tfug] Multiple distros for security?

Eric Gearhart eric at nixwizard.net
Fri Jan 23 16:21:31 MST 2009


On Fri, Jan 23, 2009 at 3:42 PM, Paul Lemmons <paul at lemmons.name> wrote:
> Matt, it could also be argued that if you have three distro's you triple
> your chance of getting stung by a 0-day exploit. Granted you are only 1/3rd
> compromised but how is that really worse than being 100% compromised? You
> are still in a bad way.
>
> One could also argue that most of the major distro's feed from the same
> source pool. If one distro is compromised then they are probably all going
> to experience the same problem. So you will have complicated your life with
> no real benefit.


I think Matt's point with the recent Debian OpenSSL library
vulnerability, that left a huge hole only in Debian-derived distros,
argues against that approach.

All distros are not created equal, as many people discovered that day.

I honestly think the original approach of throwing one FreeBSD or
OpenBSD box into the mix isn't too bad of an idea honestly, for such a
critical infrastructure component as DNS

--
Eric
http://nixwizard.net




More information about the tfug mailing list