Bad Linux

Brian Cluff plug-discuss@lists.PLUG.phoenix.az.us
Thu, 17 May 2001 18:56:08 -0700 

> The issue is not the *number* of holes.  The issue is the time it takes to
> close one once it is found.

Sure it is.  Most distros come with a number of programs that are redundant,
the default install will install the one that is considered secure, but the
distro still comes with other versions that may have known problems with
them.
Now most people aren't going to go out of their way and uninstall the more
secure default and install the les secure version, but the fact that the
distro comes with it gives it points against it on the bug patch list.  I've
seen it over and over again.

I'm just saying that the time to patch for a default system has a much much
much shorter time than if you compare every piece of software that is
capable of being put on a system.

In other words
linux+kde/gnome+koffice+apache+mysql/posgresql+php/zope+etc...etc...  will
probably always come out below windows+nothing.

Now if someone were to take into account for
windows+office+photoshop+napster+icq..etc.etc... it would be a little more
fair.

Plus I doubt that MS has ever done anything over night.  I just recently
read an article straight from MS about why they take so long to publish
patches for known bugs.  Their answer was an attack on open source, by
saying that they take a long time, becase they test every one of their
patches before releasing them, unlike opensource software that quickly
releases a patch.
I wish I could remember where I read that exactly so that I could refer
directly to it.

Brian Cluff
----- Original Message -----

>
>
> > It's really not fair when you have to factor in holes for
> > multiple versions
> > of software that can't even run at the same time (sendmail, postfix,
> > wu-ftpd, proftpd... etc etc) that often come with a distro.
> > Plus the fact that the often lump all security holes found in all
> > distro in
> > the "linux" catagory, often times counting the same security hole
> > more than
> > once.
> >
> > Brian Cluff
> >
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail
> > doesn't post to the list quickly and you use Netscape to write mail.
> >
> > PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss