List Archive: gentoo-security
"Hemmann, Volker Armin" <volker.armin.hemmann@...>
Re: SearchSecurity.com: "Linux patch problems: Your distro may vary"
Mon, 7 Aug 2006 19:48:07 +0200
On Monday 07 August 2006 13:42, Wolfram Schlich wrote:
> I just stumbled over an article from SearchSecurity.com which was linked to
> in a heise newsticker posting that tries to analyze how fast distributions
> react to security vulnerabilities:
> Quick chart:
> Rank  Distro                     Points/100
> ----  -------------------------  ----------
> 1.    Ubuntu                     76
> 2.    Fedora Core                70
> 3.    Red Hat Enterprise Linux   63
> 4.    Debian GNU/Linux           61
> 5.    Mandriva Linux             54
> 6.    Gentoo Linux               39
> 7.    Trustix Secure Linux       32
> 8.    SUSE Linux Enterprise      32
> 9.    Slackware Linux            30
> Rank 6 out of 10 is not a great result -- at least we beat SUSE ;)
> Any comments or thoughts about this?
> Can we become better?
> Are we maybe better than the author pretends?
> Does the security team currently face serious problems that need to be
> solved, be it inside or outside the security team?
I would like to know if they counted until the patch/fix was announced or
until it was available?
If you are using unstable (~arch) you will get a lot of fixes BEFORE they are
announced. So when the nice 'packet FOO is vulnerable, upgrade to FOO+1'
arrives, you think 'gee.. I updated to FOO+1 two nights ago....'.
So there is a difference between: fix is available for unstable, fix is
available for stable, fix is announced.
And I would like to know which of the three got into that 'statistic'.