
Bug#339837: http://www.debian.org/security/ seriously misleading about security infrastructure performance



Javier Fernández-Sanguino Peña wrote:

On Sat, Nov 19, 2005 at 06:03:13PM -0500, Filipus Klutiero wrote:
Hi Javier,
I'd like to be sure about which claim you refer to. The current claim is the one that says that Debian *does* issue fixes for most problems under 48 hours, right? I'm asking since if I understand right the statistics you produced do make the bug valid.

I don't know where the current claim comes from, you'll have to ask the
security team.

OK, that's not what I was asking, but you answered my question anyway :)

That looks interesting but also like a 404. I read your 2001 post and one of the attachments is integrated in the text. I don't know how to view it. I also don't know how to use the bin00000.bin attached. gunzip-ing and trying a PNG viewer on it seemed to fail.

Oh, it should have been:
http://people.debian.org/~jfs/debconf3/security/
Thanks, that's quite useful stuff. I have been wondering for some time if such data was available. Are you aware if there's an effort to continue evaluating the security performance? Perhaps I should ask Andreas Barth or Joey Hess instead? Note, while I don't have much time, I'd be somewhat willing to participate in such an effort.

One thing I don't understand in the PDF is that there's a difference between "Mean time" and "Average time". Apparently both of us aren't native English speakers. I'm more familiar with the meaning of average and median. When "mean" is used like you use it, does it mean "median"?

Now what confuses me is that you're asking to produce evidence against the current claim, but according to your stats the median time is indeed above 48 hours, isn't it? I count only 84 entries out of the 239 with a Diff < 3 (although counting all Diff=2 is a bit generous). And as your document says, the trend seems to make latency go up with time (I don't expect things to have improved).

But maybe you're simply saying that we should trust www.debian.org assuming that things have improved, and you're simply asking to collect more current data? If that's it, I'd like to ask www.debian.org to suggest a method that would convince them to remove or change the current claim. I'd like this to include (what timeframe/how many security issues) to review. Then I'm going to consider the bug on my side.


