List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: "Vincent Rivellino" <vince@...>
Subject: Re: SearchSecurity.com: 'Linux patch problems: Your distro may vary'
Date: Mon, 7 Aug 2006 12:17:16 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Interesting study.  I like the premise of it.  However, I'm not sure I
agree with their method.  From the article:

"For instance, if a distribution fixed an issue on the earliest date, it
would receive a score of 100 for that issue; if it was the last vendor to
fix the issue, it would get a score of 0. One can then average the scores
after evaluating the 30 issues."

So this is just a ranking, with no quantitative results.  What I'd really
like to know are the distributions' average response times for the High
and Moderate vulnerabilities.

While Gentoo might be 6th, I'd like to know how much slower Gentoo gets
out patches than Ubuntu, Fedora, and/or RHEL.


- -Vince


- --
Vincent Rivellino
GPG Key ID: 62BFEBE4
https://cuz.cx/gpg


On Mon, August 7, 2006 07:42, Wolfram Schlich wrote:
> Hi,
>
>
> I just stumbled over an article from SearchSecurity.com which was linked
> to in a heise newsticker posting that tries to analyze how fast
> distributions react to security vulnerabilities:
>
> http://tinyurl.com/lplfb
>
>
> Quick chart:
>
>
> Rank Distro                    Points/100
> ---- ------------------------- ----------
> 1.   Ubuntu                    76
> 2.   Fedora Core               70
> 3.   Red Hat Enterprise Linux  63
> 4.   Debian GNU/Linux          61
> 5.   Mandriva Linux            54
> 6.   Gentoo Linux              39
> 7.   Trustix Secure Linux      32
> 8.   SUSE Linux Enterprise     32
> 9.   Slackware Linux           30
>
>
> Rank 6 out of 10 is not a great result -- at least we beat SUSE ;)
>
>
> Any comments or thoughts about this?
> Can we become better?
> Are we maybe better than the author pretends?
> Does the security team currently face serious problems that need to be
> solved, be it inside or outside the security team?
>
> I am just curious and would be glad to get some feedback :)
> --
> Regards,
> Wolfram Schlich <wschlich@g.o>
> Gentoo Linux * http://dev.gentoo.org/~wschlich/
> --
> gentoo-security@g.o mailing list
>
>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFE12eKhUAfdmK/6+QRAm4sAJ9U4hDbql8b5Du7ELWTclnBdwXONACghkRk
PLfad2L0hjQZ99puzngf4nU=
=/aSm
-----END PGP SIGNATURE-----

-- 
gentoo-security@g.o mailing list
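
The scoring quoted from the article, next to the average response time asked for in the message above, as an added example that is not part of the original thread. It assumes scores between the earliest and the latest fix are interpolated linearly (the quote gives only the two endpoints); vendors A, B, C and all dates are constructed.

```python
from datetime import date, timedelta
from statistics import mean

def issue(disclosed, **days_to_fix):
    """Build one constructed issue record from per-vendor days-to-fix."""
    return {"disclosed": disclosed,
            "fixed": {v: disclosed + timedelta(days=n)
                      for v, n in days_to_fix.items()}}

# Constructed sample data: same ordering of vendors, very different delays.
TIGHT = [issue(date(2006, 1, 2), A=1, B=2, C=3),
         issue(date(2006, 3, 1), A=2, B=1, C=3)]
SPREAD = [issue(date(2006, 1, 2), A=1, B=16, C=31),
          issue(date(2006, 3, 1), A=16, B=1, C=31)]

def relative_scores(fixed):
    """100 for the earliest fix, 0 for the latest, linear in between
    (the linear interpolation is an assumption, see lead-in)."""
    first, last = min(fixed.values()), max(fixed.values())
    span = (last - first).days
    if span == 0:  # every vendor fixed on the same day
        return {v: 100.0 for v in fixed}
    return {v: 100.0 * (last - d).days / span for v, d in fixed.items()}

def average_score(issues):
    """Article-style result: mean of the per-issue relative scores."""
    per_issue = [relative_scores(i["fixed"]) for i in issues]
    return {v: mean(s[v] for s in per_issue) for v in issues[0]["fixed"]}

def mean_days_to_fix(issues):
    """Quantitative result: mean days from disclosure to fix per vendor."""
    return {v: mean((i["fixed"][v] - i["disclosed"]).days for i in issues)
            for v in issues[0]["fixed"]}

if __name__ == "__main__":
    for name, data in (("tight", TIGHT), ("spread", SPREAD)):
        print(name, average_score(data), mean_days_to_fix(data))
```

Both constructed data sets produce identical relative scores, while the mean days-to-fix differ by weeks, which is the information the 0-100 figure does not carry.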


Replies:
Re: SearchSecurity.com: 'Linux patch problems: Your distro may vary'
-- Eilverijus Kondratas
References:
SearchSecurity.com: "Linux patch problems: Your distro may vary"
-- Wolfram Schlich


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Copyright 2001-2013 Gentoo Foundation, Inc.