Re: Debian security being trashed in Linux Today comments

To: debian-security list <debian-security@lists.debian.org>
Subject: Re: Debian security being trashed in Linux Today comments
From: Tim Haynes <debian@stirfried.vegetable.org.uk>
Date: Tue, 15 Jan 2002 14:04:38 +0000
Message-id: <[🔎] 86u1tnk8w9.fsf@potato.vegetable.org.uk>
Reply-to: debian@stirfried.vegetable.org.uk
In-reply-to: <[🔎] 20020115135247.GA2119@netcraft.com> (Colin Phipps's message of "Tue, 15 Jan 2002 13:52:47 +0000")
References: <[🔎] 20020114181646.L12133@alanya.lupe-christoph.de> <[🔎] HPEJLJPGLJEDODFNGGHMCEAHCAAA.jeremy@home.lan> <[🔎] 20020115032020.GE8902@llama.nslug.ns.ca> <[🔎] 20020115092320.W12133@alanya.lupe-christoph.de> <[🔎] 20020115120712.GF3595@dat.etsit.upm.es> <[🔎] 1011098571.4630.0.camel@web> <[🔎] 20020115135247.GA2119@netcraft.com>

Colin Phipps <cph@netcraft.com> writes:

> On Wed, Jan 16, 2002 at 01:42:50AM +1300, Adam Warner wrote:
> > "...it took the Debian Security Team an average of 35 days to fix
>> security-related vulnerabilites."
>> 
>> An average based upon a very long tail is highly misleading. Please
>> quote the median time to fix a vulnerability instead.
>
> It is not misleading in this case, the tail is the _most_ important part
> of the data. It doesn't matter if we patch every other hole in 10 minutes
> if we leave one open for months.

Yes it does, if that remaining hole is merely a local non-root potential
vulnerability with no known exploit that's a PITA to fix - you *must*
weight the average accordingly.

Much as I hate stats, I can see that what you want to measure is how much
lethargy there is in Debian, which means excluding other influences, and
instead of wondering about means modes and medians, you've got to weight
the whole thing. Bah, complicated.

~Tim
-- 
<http://spodzone.org.uk/>

Reply to:

Follow-Ups:
- Re: Debian security being trashed in Linux Today comments
  - From: Colin Phipps <cph@netcraft.com>

References:
- Re: Debian security being trashed in Linux Today comments
  - From: Lupe Christoph <lupe@lupe-christoph.de>
- RE: Debian security being trashed in Linux Today comments
  - From: "Jeremy L. Gaddis" <jlgaddis@blueriver.net>
- Re: Debian security being trashed in Linux Today comments
  - From: Peter Cordes <peter@llama.nslug.ns.ca>
- Re: Debian security being trashed in Linux Today comments
  - From: Lupe Christoph <lupe@lupe-christoph.de>
- Re: Debian security being trashed in Linux Today comments
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Debian security being trashed in Linux Today comments
  - From: Adam Warner <lists@consulting.net.nz>
- Re: Debian security being trashed in Linux Today comments
  - From: Colin Phipps <cph@netcraft.com>

Prev by Date: Re: default security
Next by Date: Re: Debian security being trashed in Linux Today comments
Previous by thread: Re: Debian security being trashed in Linux Today comments
Next by thread: Re: Debian security being trashed in Linux Today comments
Index(es):
- Date
- Thread