Package: harden-doc
Version: 3.10
Severity: normal

Hi!

Section 12.3.7 _How is security handled for testing and unstable?_[1] still states that security is not handled in testing and unstable. I think that this is becoming more and more outdated, as the Debian testing security team progresses in making testing more and more secure. This section should at least mention the Debian testing security team and its efforts to enhance the security of the testing and unstable branches.

BTW, although comparing the security of two OSes is hard, even when the two systems are similar enough (I think Debian stable and Debian testing are fairly more similar to each other than, say, to Windows XP or to MacOS X...), the Debian testing security team seems to have made great progress: from a simple vulnerability count, based on the data provided by the Debian security bug tracker[2], it could even be concluded that testing is currently more secure than stable, and has been so for quite some time.

At the time of this writing, the situation is as follows:

                            unstable testing  stable
====================================================
low                               39      21     146
medium                            17      12      77
high                              25      10      18
unclassified                      31      35      52
----------------------------------------------------
both in testing & unstable                58
fixed in unstable                         20
fixed in testing-security                  0
----------------------------------------------------
total                            112      78     293
----------------------------------------------------

YMMV, and I admit that counting the number of vulnerabilities is not enough to accurately assess the security of an OS. We should at least also take the "time to fix" into account (BTW, I would really be interested in seeing such a comparison, if someone has collected the relevant data: does anyone have a URL to point out?)

[1] which is inside http://www.debian.org/doc/manuals/securing-debian-howto/ch12.en.html#s-debian-sec-team-faq
[2] http://security-tracker.debian.net/