Linked by Thom Holwerda on Fri 16th Mar 2007 17:02 UTC, submitted by Shawna McAlearney
Privacy, Security, Encryption
"Starting today, I plan on posting a monthly vulnerability scorecard for common server and workstation Operating System products. I'm going to keep these scorecards pretty clean of discussion, but you can review my methodology, sources and assumptions." Note that these results speak only of fixed vulnerabilities; the author aims to include information on non-fixed problems and the time it takes to fix problems as well. You should also read this, by the way.
Thread beginning with comment 222076
RE[3]: Not enough info provided
by sbergman27 on Fri 16th Mar 2007 23:38 UTC in reply to "RE[2]: Not enough info provided"
sbergman27 Member since:
2005-07-24

"""
On most binary distributions in Linux, a single solved vulnerability typically means updating all packages linking against the package with said vulnerability.
"""

Sorry, but that is not true.

When, for example, glibc is updated, you don't have to update all the packages that link against it.

But there are plenty of other reasons that his "vulnerability scorecard" is of questionable validity.

Score: 2

dylansmrjones Member since:
2005-10-02

When, for example, glibc is updated, you don't have to update all the packages that link against it.

That's correct but tell it to RPM-package maintainers ;) - at least this was a major issue back when I used Fedora, and was one of several reasons for me to switch (switching to LFS was perhaps a bit too dramatic though, but I wanted to learn and be in control, and I was quite frankly pissed ;) ).

I'd like to hear the other reasons for his "vulnerability" scoreboard to be questionable. What did I miss? ;)

Score: 2

sbergman27 Member since:
2005-07-24

I've already posted the stuff that I thought was significant.

Others have done better.

Yeah, Fedora does have a rather nasty case of update diarrhea. ;-)

Score: 2