Thanks for the nice comparison. I never realized Debian main consists of so many packages, i always considered default ubuntu intallation not so secure due to universe repo enabled by default..
Here is one interesting presentation about Ubuntu trusty 14.04 security features: http://blog.dustinkirkland.com/2014/04/ubuntu-1404-lts-security-for-human.html On Sun, May 18, 2014 at 4:05 PM, Lupe Christoph <l...@lupe-christoph.de>wrote: > On Sunday, 2014-05-18 at 14:46:21 +0200, Moritz Mühlenhoff wrote: > > > Ubuntu only provides security support for the "main" and "restricted" > > archive sections: > https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support > > But since the "universe" section is enabled by default, you'll end up > > with a lot of unpatched security vulnerabilities on Ubuntu systems. > > That must be why there are only 535 update packages for Trusty's Universe > (for 35524 packages) and 1371 updates for Precise's 29406 packages... > > I admit that the numbers for multiverse are much lower (27 and 1), so > your point is valid as soon as you enable the multiverse (672 and 741 > packages). I guess you wouldn't get a very capable Ubuntu system if you > disabled the Universe. > > Here is a table: > > Relase | Section | Packages | Security Updates > Precise | Main | 8076 | 5407 > Precise | Universe | 29406 | 1371 > Precise | Multiverse | 672 | 73 > Trusty | Main | 8566 | 526 > Trusty | Universe | 35524 | 266 > Trusty | Multiverse | 741 | 27 > > Numbers for Wheezy and Squeeze: > > Relase | Section | Packages | Security Updates > Wheezy | Main | 35944 | 1193 > Wheezy | Non-free | 475 | 0 > Wheezy | Contrib | 210 | 0 > Squeeze | Main | 28212 | 1777 > Squeeze | Non-free | 403 | 0 > Squeeze | Contrib | 187 | 1 > > So by sheer numbers Ubuntu has the better security. But I'm the first to > admit that those numbers don't mean a lot except that somebody was > really busy building packages... > > Lupe Christoph > -- > | The politician's syllogism: | > | We must do something | > | This is something | > | Therefore, we must do this. | > > > -- > To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: https://lists.debian.org/20140518140522.ge22...@lupe-christoph.de > >
