Quoting Anuerin G. Diaz ([EMAIL PROTECTED]):

> *now puts on flame-retardant armor*

You won't get any argument from me. Comparing the number of security advisories just isn't useful, for several reasons:

(1) Not all vulnerabilities are exploitable. Some are highly theoretical, in fact.

(2) Just because the distribution ships a piece of software doesn't mean you installed it.

(3) Just because you installed it doesn't mean you're running it.

(4) Just because you're running it doesn't mean you're doing so in a vulnerable configuration.

(5) Ultimately, it's the severity of vulnerabilities, the likelihood that you're _actually_ exposed to them, and the duration of the window of vulnerability that matters -- not the quantity of "advisories".

Here's a way to show why all of the above is true and relevant: Take any distribution. Remove all application software other than cd, ls, and your favourite shell. Bundle it up and offer it as your "secure Linux distribution".

As Bruce Schneier says, security is a process, not a product.

--
Cheers,
Rick Moen
[EMAIL PROTECTED]

Emacs is a decent operating system, but it still lacks a good text editor.

_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
