Bad article on fridge

Jan Claeys lists at janc.be
Wed Aug 9 18:35:24 BST 2006 

Op wo, 09-08-2006 te 16:07 +0100, schreef Matthew Revell:
> On 08/08/06, Jan Claeys <lists at janc.be> wrote:
> 
> I wrote the headline and article on the Fridge.
> 
> > "Ubuntu fastest to fix security bugs"
> > "Ubuntu fixes security bugs first"
> 
> Either of those would have been perfectly good headlines/titles for
> it. I went with "Ubuntu top for security" mainly because it was short,
> yet said what I thought was the most important point from the article.

The article is also a bit one-sided IMHO, and we don't have to believe
all they say on the internet...   ;-)


> The Fridge is our PR window on the world, as well as a news source for
> people already in the community. Now, that doesn't mean it should be
> inaccurate. I don't feel, though, that the headline is inaccurate. I
> actually think it works well as a headline because it gives a very
> good idea of the article, without going into too much detail. However,
> I'll certainly bear in mind that one or two people felt it didn't do
> justice to the original study.

The article only looked at one aspect of distro security, using a third
party source (Secunia), and AFAIK without verifying whether there was
sometimes a delay between the distro releasing fixes and Secunia
reporting them.

Secunia doesn't send its security mails at the same time as the distros
do; to give you some examples, today the libwmf vulnerability fix for
Ubuntu was announced by Ubuntu at 11:14 CEST, and announced by Secunia
at 17:32 CEST, while Debian announced a problem with krb5 at 8:10 CEST,
but Secunia only reported it at 17:02 CEST.

I guess this "study" is as almost as scientific as a /. poll.   ;-)


> > At least, that's closer to the truth--as they only tested a couple of
> > distros...  ;-)
> 
> As has been said previously, the study looked at a good many of the
> most popular distros, not just a couple.

Windows is still a lot more popular than Ubuntu, and OpenBSD is a lot
less popular, but that doesn't say anything important about their
(in)security.  And compared to the number of distros in existence, only
a couple were listed.


-- 
Jan Claeys

More information about the sounder mailing list