Re: Debian security being trashed in Linux Today comments

To: debian-security list <debian-security@lists.debian.org>
Subject: Re: Debian security being trashed in Linux Today comments
From: Lupe Christoph <lupe@lupe-christoph.de>
Date: Tue, 15 Jan 2002 09:23:20 +0100
Message-id: <[🔎] 20020115092320.W12133@alanya.lupe-christoph.de>
In-reply-to: <[🔎] 20020115032020.GE8902@llama.nslug.ns.ca>; from peter@llama.nslug.ns.ca on Mon, Jan 14, 2002 at 11:20:21PM -0400
References: <[🔎] 20020114181646.L12133@alanya.lupe-christoph.de> <[🔎] HPEJLJPGLJEDODFNGGHMCEAHCAAA.jeremy@home.lan> <[🔎] 20020115032020.GE8902@llama.nslug.ns.ca>

On Monday, 2002-01-14 at 23:20:21 -0400, Peter Cordes wrote:
> On Mon, Jan 14, 2002 at 01:25:11PM -0500, Jeremy L. Gaddis wrote:

>  I recompressed it as a real PNG, and attached it to this mail, for your
> viewing pleasure :)  PNG gets 3.5 times better compression, probably because
> this image only uses 8 bits of colour, and the xwd was 24bit.

I hadn't tried to view it when it first came around. As a graph,
it is not very impressive. Hard to judge x and y for any point on
the curve. This would probably be better done as a histogram.

>  Someone else mentioned that this graph should go up on a website, but
> someone else shot them down.  I think the suggestion was just for this image
> in particular, not that this should be done for every image-attachment on
> all lists.  Anyway, I agree that it would be cool to have this graph and the
> data available on a web site.  (With the data in a two-column ascii list,
> rather than a spreadsheet or something that needs to be downloaded and dealt
> with separately.)  Of course, then we might need to make up excuses, or
> preferably find solutions, for the exceptionally long bugs.

I still think a table and graph would be a god addition to the security
FAQ, as an answer to the question "How long does Debian take to
fix known vulnerabilities". Tne table could go in the FAQ, and the
graph could be linked. (Dunno how the FAQ gets set up, but I guess
there will be an ASCII-only version.)

I believe the most useful format would be linear for the number of bugs
fixed, and log for the time. Like this

Time (days)	No of fixes
1		?
2-3		?
4-7		?
8-15		?
16-31		?
etc.

I'd be *really* interested in seeing that kind of table for more OSes.
Not only Linux distributions, but also Solaris, *BSD, and Windowses.

My gut feeling is that Debian would shine in such a comparison.
Initially, I came to Debian because I had the feeling that it was
the Linux dustribution with the fastest reaction to the discovery
of vulnerabilities. Judging from BUGTRAQ.

Lupe Christoph
-- 
| lupe@lupe-christoph.de       |        http://free.prohosting.com/~lupe |
| I have challenged the entire ISO-9000 quality assurance team to a      |
| Bat-Leth contest on the holodeck. They will not concern us again.      |
| http://public.logica.com/~stepneys/joke/klingon.htm                    |

Reply to:

Follow-Ups:
- Re: Debian security being trashed in Linux Today comments
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

References:
- Re: Debian security being trashed in Linux Today comments
  - From: Lupe Christoph <lupe@lupe-christoph.de>
- RE: Debian security being trashed in Linux Today comments
  - From: "Jeremy L. Gaddis" <jlgaddis@blueriver.net>
- Re: Debian security being trashed in Linux Today comments
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

Prev by Date: Re: Once again: Spam (from hananet.net, korea)
Next by Date: default security
Previous by thread: Re: Debian security being trashed in Linux Today comments
Next by thread: Re: Debian security being trashed in Linux Today comments
Index(es):
- Date
- Thread