Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o, gentoo-security@g.o
From: "Hemmann, Volker Armin" <volker.armin.hemmann@...>
Subject: Re: SearchSecurity.com: "Linux patch problems: Your distro may vary"
Date: Mon, 7 Aug 2006 19:48:07 +0200
On Monday 07 August 2006 13:42, Wolfram Schlich wrote:
> Hi,
>
> I just stumbled over an article from SearchSecurity.com which was linked to
> in a heise newsticker posting that tries to analyze how fast distributions
> react to security vulnerabilities:
>
> 	http://tinyurl.com/lplfb
>
> Quick chart:
>
> 	Rank Distro                    Points/100
> 	---- ------------------------- ----------
> 	1.   Ubuntu                    76
> 	2.   Fedora Core               70
> 	3.   Red Hat Enterprise Linux  63
> 	4.   Debian GNU/Linux          61
> 	5.   Mandriva Linux            54
> 	6.   Gentoo Linux              39
> 	7.   Trustix Secure Linux      32
> 	8.   SUSE Linux Enterprise     32
> 	9.   Slackware Linux           30
>
> Rank 6 out of 10 is not a great result -- at least we beat SUSE ;)
>
> Any comments or thoughts about this?
> Can we become better?
> Are we maybe better than the author pretends?
> Does the security team currently face serious problems that need to be
> solved, be it inside or outside the security team?

comment?
yes.

I would like to know, if they counted until the patch/fix was announced or 
until it was available?

If you are using unstable (~arch) you will get a lot of fixes BEFORE they are 
announced. So when the nice 'packet FOO is vulnerable, upgrade to FOO+1' 
arrives, you think 'gee.. I updated to FOO+1 two nights ago....'.

So there is a difference between: fix is available for unstable, fix is 
available for stable, fix is announced.

And I would like to know, which of the three got into that 'statistic'.
-- 
gentoo-security@g.o mailing list


References:
SearchSecurity.com: "Linux patch problems: Your distro may vary"
-- Wolfram Schlich
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: SearchSecurity.com: 'Linux patch problems: Your distro may vary'
Next by thread:
Re: SearchSecurity.com: "Linux patch problems: Your distro may vary"
Previous by date:
GLSA 200607-02 & freetype-1.3.x ?
Next by date:
Re: SearchSecurity.com: "Linux patch problems: Your distro may vary"


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.