
Re: Debian security being trashed in Linux Today comments



On Tue, Jan 15, 2002 at 02:04:38PM +0000, Tim Haynes wrote:
> Colin Phipps <cph@netcraft.com> writes:
> > It is not misleading in this case, the tail is the _most_ important part
> > of the data. It doesn't matter if we patch every other hole in 10 minutes
> > if we leave one open for months.
> 
> Yes it does, if that remaining hole is merely a local non-root potential
> vulnerability with no known exploit that's a PITA to fix - you *must*
> weight the average accordingly.

Agreed, weighted mean (by severity of vulnerability and popularity of
package) would be better, if suitable weighting could be devised.

On Tue, Jan 15, 2002 at 01:55:18PM +0000, Karl E. Jorgensen wrote:
> Are there any stats available on the number of people who have each
> package installed?

Relative popularity of packages can be got from the popularity-contest
results (although this will tend to reflect workstations more than
servers, since people running a secure server aren't likely to run
something that sends their package list to anyone).
http://people.debian.org/~apenwarr//popcon/

-- 
Colin Phipps         PGP 0x689E463E     http://www.netcraft.com/


