On Sat, August 19, 2006 9:37 pm, Rik Tindall wrote:
> Nick Rout wrote re:
>>>

>> Rik you are becoming obsessed with this kde / gnome thing which is
>> entirely unrelated to the slurvery you pointed to. You'll realise too
>> that mepis (kde) will have the same score as ubuntu (gnome) and kubuntu
>> (kde) because they all share the same repository base and all get
>> updates available at the same time.
>
> No. Because the updates are for the desktop software security too. So
> far, I have only learnt to trust Gnome, as these are very regular. I
> can't speak for how those Kde distros' updating works by comparison.
>

Are you saying that ubuntu/mepis don't provide security updates for kde?
That seems an extraordinary proposition. Do you have a reference for that?

>> Anyway the methodology is so clearly screwed that the survey is not
>> worth the electrons it's transmitted on.
>
> You'll have to provide some Korroborating evidence :)

The methodology was "if a distribution fixed an issue on the earliest
date, it would receive a score of 100 for that issue; if it was the last
vendor to fix the issue, it would get a score of 0."

To discover what I comprehend as the problem with the methodology, consider
taking the survey between two hypothetical distros A and B and two
vulnerabilities X & Y.

With X, distro A provides a fix on day 2 and gets a score of 100 because
it's first; distro B provides a fix on day 3 and gets a score of 0 because
it is last.

With Y, distro B provides a fix on day 1 and gets 100 because it is first;
distro A waits for 38 days and gets 0 as it is last.

So far both have scored the same, despite the fact that B is better in
terms of "average time to respond". Also the survey doesn't seem to give
any weight to the seriousness of the issue, rating solely on time to
respond.

And intuitively anything that rates OpenBSD that far down the list just
has to be questionable. OpenBSD has the primo reputation for security.
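
The A/B, X/Y scenario above, worked through as an added example (not part of the original message or the survey's own code). It computes the first=100 / last=0 score next to mean days-to-fix; the linear placement of vendors between first and last is an assumption, since the message quotes only the two endpoints, and the function names are hypothetical.

```python
from statistics import mean

# Constructed sample data: the A/B, X/Y scenario from the message,
# as days from disclosure to fix per vulnerability and distro.
FIX_DAYS = {
    "X": {"A": 2, "B": 3},
    "Y": {"A": 38, "B": 1},
}

def survey_scores(fix_days):
    """Score each distro per issue: earliest fix = 100, latest fix = 0.

    Assumption: vendors between first and last are placed linearly by
    date; the quoted methodology only states the two endpoints.
    """
    scores = {}
    for issue, days in fix_days.items():
        first, last = min(days.values()), max(days.values())
        span = last - first
        for distro, d in days.items():
            # If every vendor fixed on the same day, all count as first.
            s = 100.0 if span == 0 else 100.0 * (last - d) / span
            scores.setdefault(distro, {})[issue] = s
    return scores

def summarise(fix_days):
    """Return {distro: (mean survey score, mean days to fix)}."""
    out = {}
    for distro, per_issue in survey_scores(fix_days).items():
        days = [fix_days[issue][distro] for issue in per_issue]
        out[distro] = (mean(per_issue.values()), mean(days))
    return out

if __name__ == "__main__":
    for distro, (score, days) in sorted(summarise(FIX_DAYS).items()):
        print(f"distro {distro}: survey score {score:.0f}, "
              f"mean days to fix {days:.1f}")
```

Both distros come out at a survey score of 50, while the mean time to fix is 20 days for A and 2 days for B.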


