sorry, here's proper link to the presentation: https://docs.google.com/presentation/d/1_kTBIZLoT3VOGOFgTqjkQ3E0e4o_esV71RNzo4JuQI0/pub?start=false&loop=false&delayms=3000#slide=id.ge4adadaf_1_645
s. On Sun, May 18, 2014 at 8:26 PM, Stanislav Bocinec <sva...@gmail.com> wrote: > Thanks for the nice comparison. I never realized Debian main consists of > so many packages, i always considered default ubuntu intallation not so > secure due to universe repo enabled by default.. > > Here is one interesting presentation about Ubuntu trusty 14.04 security > features: > http://blog.dustinkirkland.com/2014/04/ubuntu-1404-lts-security-for-human.html > > > > On Sun, May 18, 2014 at 4:05 PM, Lupe Christoph <l...@lupe-christoph.de>wrote: > >> On Sunday, 2014-05-18 at 14:46:21 +0200, Moritz Mühlenhoff wrote: >> >> > Ubuntu only provides security support for the "main" and "restricted" >> > archive sections: >> https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support >> > But since the "universe" section is enabled by default, you'll end up >> > with a lot of unpatched security vulnerabilities on Ubuntu systems. >> >> That must be why there are only 535 update packages for Trusty's Universe >> (for 35524 packages) and 1371 updates for Precise's 29406 packages... >> >> I admit that the numbers for multiverse are much lower (27 and 1), so >> your point is valid as soon as you enable the multiverse (672 and 741 >> packages). I guess you wouldn't get a very capable Ubuntu system if you >> disabled the Universe. >> >> Here is a table: >> >> Relase | Section | Packages | Security Updates >> Precise | Main | 8076 | 5407 >> Precise | Universe | 29406 | 1371 >> Precise | Multiverse | 672 | 73 >> Trusty | Main | 8566 | 526 >> Trusty | Universe | 35524 | 266 >> Trusty | Multiverse | 741 | 27 >> >> Numbers for Wheezy and Squeeze: >> >> Relase | Section | Packages | Security Updates >> Wheezy | Main | 35944 | 1193 >> Wheezy | Non-free | 475 | 0 >> Wheezy | Contrib | 210 | 0 >> Squeeze | Main | 28212 | 1777 >> Squeeze | Non-free | 403 | 0 >> Squeeze | Contrib | 187 | 1 >> >> So by sheer numbers Ubuntu has the better security. But I'm the first to >> admit that those numbers don't mean a lot except that somebody was >> really busy building packages... >> >> Lupe Christoph >> -- >> | The politician's syllogism: | >> | We must do something | >> | This is something | >> | Therefore, we must do this. | >> >> >> -- >> To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org >> with a subject of "unsubscribe". Trouble? Contact >> listmas...@lists.debian.org >> Archive: >> https://lists.debian.org/20140518140522.ge22...@lupe-christoph.de >> >> >
