Re: Debian security being trashed in Linux Today comments

On Monday, 2002-01-14 at 23:20:21 -0400, Peter Cordes wrote:
> On Mon, Jan 14, 2002 at 01:25:11PM -0500, Jeremy L. Gaddis wrote:

>  I recompressed it as a real PNG, and attached it to this mail, for your
> viewing pleasure :)  PNG gets 3.5 times better compression, probably because
> this image only uses 8 bits of colour, and the xwd was 24bit.

I hadn't tried to view it when it first came around. As a graph,
it is not very impressive. Hard to judge x and y for any point on
the curve. This would probably be better done as a histogram.

>  Someone else mentioned that this graph should go up on a website, but
> someone else shot them down.  I think the suggestion was just for this image
> in particular, not that this should be done for every image-attachment on
> all lists.  Anyway, I agree that it would be cool to have this graph and the
> data available on a web site.  (With the data in a two-column ascii list,
> rather than a spreadsheet or something that needs to be downloaded and dealt
> with separately.)  Of course, then we might need to make up excuses, or
> preferably find solutions, for the exceptionally long bugs.

I still think a table and graph would be a good addition to the security
FAQ, as an answer to the question "How long does Debian take to
fix known vulnerabilities". The table could go in the FAQ, and the
graph could be linked. (Dunno how the FAQ gets set up, but I guess
there will be an ASCII-only version.)

I believe the most useful format would be linear for the number of bugs
fixed, and log for the time. Like this:

Time (days)	No of fixes
1		?
2-3		?
4-7		?
8-15		?
16-31		?

I'd be *really* interested in seeing that kind of table for more OSes.
Not only Linux distributions, but also Solaris, *BSD, and Windowses.

My gut feeling is that Debian would shine in such a comparison.
Initially, I came to Debian because I had the feeling that it was
the Linux distribution with the fastest reaction to the discovery
of vulnerabilities. Judging from BUGTRAQ.

Lupe Christoph
| lupe@lupe-christoph.de       |        http://free.prohosting.com/~lupe |
| I have challenged the entire ISO-9000 quality assurance team to a      |
| Bat-Leth contest on the holodeck. They will not concern us again.      |
| http://public.logica.com/~stepneys/joke/klingon.htm                    |
