No sense in giving an adversary info on the distro before itâs fully implemented though I imagine. (I would consider that a head-start even if they heavily modify a popular distro)
Giving the Seeđď¸Aye advanced notice wouldnât be smart, no matter how they wanted to play it.
It wonât be a security risk once itâs in use
I agree
I donât think it really matters whether a potential adversary has a âhead startâ all that much, security through obscurity doesnât work super well when itâs going to be deployed to thousands of easily accessible devices anyway. Itâd only just be a defense in depth, but even then meh. But itâs neither here nor there, theyâll do it whatever way they feel is best.
Basically all of social engineering is to get exactly what youâre talking about, a âhead startâ
Go to their LinkedIn: does the head engineer have MySQL version X on his skills, resume, job description, etc? Maybe somebody even endorsed them for it? âWow they are THE best database administratorâ
Now you know who you need to hack for their database access AND what zero days to research.
ANY info will be an attack vector
Social engineering is to gain access circumventing downcode, not really âget a head startââŚ
Most attacks are entirely social engineering. Youâre not breaking into secure databases by pulling ridiculous zero day backdoors when itâs much easier to convince an intern to download a file or give you access directly. These super involved attacks are state actors, and no amount of trying to hide what Linux version is being modified will do anything for you there.
State actors of course also use social engineering
Ultimately the point is hacking really doesnât involve the kind of subterfuge youâre describing here in a way where " what Linux is it " matters at all. I mean, windows is used for secure systems across the world, itâs hardly secretive.