And that is the same recommendation you'd have made a week ago? (In fairness, I can believe it might be.)
I am honestly struggling to see how you don't think having all Linux servers running incredibly similar crypto stacks is a bad thing. For sure HSMs and Windows boxes add to the diversity of the world, but Linux boxes form such a massive proportion of servers connected to the net that any common vulnerability there is a major problem.
Just assuming you've found all vulnerabilities is not the way to go, so mitigating the effect of a vulnerability happening seems like a reasonable thing to do. After all, this is a good reason for things like process separation.