Thanks for the nice comparison. I never realized Debian main consists of so many packages, i always considered default ubuntu intallation not so secure due to universe repo enabled by default..Here is one interesting presentation about Ubuntu trusty 14.04 security features: http://blog.dustinkirkland.com/2014/04/ubuntu-1404-lts-security-for-human.html
On Sun, May 18, 2014 at 4:05 PM, Lupe Christoph <lupe@lupe-christoph.de> wrote:
On Sunday, 2014-05-18 at 14:46:21 +0200, Moritz Mühlenhoff wrote:That must be why there are only 535 update packages for Trusty's Universe
> Ubuntu only provides security support for the "main" and "restricted"
> archive sections: https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
> But since the "universe" section is enabled by default, you'll end up
> with a lot of unpatched security vulnerabilities on Ubuntu systems.
(for 35524 packages) and 1371 updates for Precise's 29406 packages...
I admit that the numbers for multiverse are much lower (27 and 1), so
your point is valid as soon as you enable the multiverse (672 and 741
packages). I guess you wouldn't get a very capable Ubuntu system if you
disabled the Universe.
Here is a table:
Relase | Section | Packages | Security Updates
Precise | Main | 8076 | 5407
Precise | Universe | 29406 | 1371
Precise | Multiverse | 672 | 73
Trusty | Main | 8566 | 526
Trusty | Universe | 35524 | 266
Trusty | Multiverse | 741 | 27
Numbers for Wheezy and Squeeze:
Relase | Section | Packages | Security Updates
Wheezy | Main | 35944 | 1193
Wheezy | Non-free | 475 | 0
Wheezy | Contrib | 210 | 0
Squeeze | Main | 28212 | 1777
Squeeze | Non-free | 403 | 0
Squeeze | Contrib | 187 | 1
So by sheer numbers Ubuntu has the better security. But I'm the first to
admit that those numbers don't mean a lot except that somebody was
really busy building packages...
Lupe Christoph
--
| The politician's syllogism: |
| We must do something |
| This is something |
| Therefore, we must do this. |
Archive: [🔎] 20140518140522.GE22470@lupe-christoph.de" target="_blank">https://lists.debian.org/[🔎] 20140518140522.GE22470@lupe-christoph.de
--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org