It won’t be a security risk once it’s in use, IT across Germany will know within days of deployment. It will almost definitely be a modified version of some probably well known Linux.
No sense in giving an adversary info on the distro before it’s fully implemented though I imagine. (I would consider that a head-start even if they heavily modify a popular distro)
Giving the See👁️Aye advanced notice wouldn’t be smart, no matter how they wanted to play it.
It won’t be a security risk once it’s in use
I agree
I don’t think it really matters whether a potential adversary has a ‘head start’ all that much, security through obscurity doesn’t work super well when it’s going to be deployed to thousands of easily accessible devices anyway. It’d only just be a defense in depth, but even then meh. But it’s neither here nor there, they’ll do it whatever way they feel is best.
Basically all of social engineering is to get exactly what you’re talking about, a “head start”
Go to their LinkedIn: does the head engineer have MySQL version X on his skills, resume, job description, etc? Maybe somebody even endorsed them for it? “Wow they are THE best database administrator”
Now you know who you need to hack for their database access AND what zero days to research.
ANY info will be an attack vector