List Archive: gentoo-security
To: gentoo-dev@g.o, gentoo-security@g.o
From: "Hemmann, Volker Armin" <volker.armin.hemmann@...>
Subject: Re: SearchSecurity.com: "Linux patch problems: Your distro may vary"
Date: Mon, 7 Aug 2006 19:48:07 +0200

On Monday 07 August 2006 13:42, Wolfram Schlich wrote:
> Hi,
>
> I just stumbled over an article from SearchSecurity.com which was linked to
> in a heise newsticker posting that tries to analyze how fast distributions
> react to security vulnerabilities:
>
> http://tinyurl.com/lplfb
>
> Quick chart:
>
> Rank  Distro                     Points/100
> ----  -------------------------  ----------
> 1.    Ubuntu                     76
> 2.    Fedora Core                70
> 3.    Red Hat Enterprise Linux   63
> 4.    Debian GNU/Linux           61
> 5.    Mandriva Linux             54
> 6.    Gentoo Linux               39
> 7.    Trustix Secure Linux       32
> 8.    SUSE Linux Enterprise      32
> 9.    Slackware Linux            30
>
> Rank 6 out of 10 is not a great result -- at least we beat SUSE ;)
>
> Any comments or thoughts about this?
> Can we become better?
> Are we maybe better than the author pretends?
> Does the security team currently face serious problems that need to be
> solved, be it inside or outside the security team?

Comment? Yes.

I would like to know whether they counted until the patch/fix was announced or
until it was available.

If you are using unstable (~arch) you will get a lot of fixes BEFORE they are
announced. So when the nice 'packet FOO is vulnerable, upgrade to FOO+1'
arrives, you think 'gee.. I updated to FOO+1 two nights ago....'.

So there is a difference between: fix is available for unstable, fix is
available for stable, fix is announced.

And I would like to know which of the three got into that 'statistic'.

--
gentoo-security@g.o mailing list