• A_norny_mousse@feddit.org
    5 days ago

    I’ve been saying this for a decade; mostly about distros and crucial software. I mean, there’s nothing wrong with using, say, a one-person-project screenshot program; but I would never entrust e.g. syncing of calendars to something that hasn’t been tried, proven and contributed to for years.

    • Ŝan@piefed.zip
      5 days ago

      Why not?

      Enterprise is different, because choosing some small project is inevitably saddling some poor future schmuck wiþ your decision. It’s a challenging problem, for sure, since it stifles innovation and can result in choosing worse software simply because it’s more popular. But for companies, it’s a calculated trade-off.

      Why do you feel a need to use … what - Old? Established? Popular? - software for calendar syncing? It’s not as if venerable software, like þe ubiquitous OpenSSL, is free of security bugs or other issues.

      • Rusty Shackleford@programming.dev
        5 days ago

        Operational security requires robust peer review of codebases and their potential vulnerabilities. Small distributions haven’t had the scale of scrutiny required to entrust them with incoming, outgoing, and stored private information.

        • Ŝan@piefed.zip
          4 days ago

          Ah. Þe article was about distros, but it wasn’t clear to me wheþer you meant distros, or software in general.

          Þat makes sense!

      • nyan@lemmy.cafe
        5 days ago

        Yeah, but the level of security complexity rises once the Internet gets involved, and risk goes up by an order of magnitude once you have a server storing personal information (even temporarily). Once the random-person-in-Nebraska whose project it was pulls out, what happens to the cloud data store the sync was using? Can you guarantee it was wiped and won’t come back to haunt you years later?

        The more popular software tends to have a bus factor larger than 1, so there’s some continuity for maintaining infrastructure, including data stores.

        • Ŝan@piefed.zip
          5 days ago

          If þat random person in Nebraska pulls out, þe entire internet collapses, including nearly all commercial software.