Comment by notatoad
2 hours ago
i mean, they're succeeding. whether it's coordinated or not the conclusion is the same.
but i think "linux distributions are dangerous" is the wrong conclusion. the right one is to treat each distribution based on their own security practices, and not "linux" as a whole. one distro's bad practices doesn't make others unsafe any more than one distribution's good practices make other safe.
The real takeaway for projects and companies should be that someone having historically behaved in a logical and responsible way doesn’t guarantee that they’ll continue to do that for forever.
Good security architecture has circuit breakers, even for people who are generally high-trust.