Package: harden-doc
Version: 3.10
Severity: normal
Hi!
Section 12.3.7 _How is security handled for testing and unstable?_[1]
still states that security is not handled in testing and unstable.
I think that this is becoming more and more outdated, as the
Debian testing security team progresses in making testing more and
more secure.
This section should at least mention the Debian testing security team
and its efforts to enhance the security of the testing and unstable
branches.
BTW, although comparing the security of two OSes is hard, even when
the two systems are similar enough (I think Debian stable and Debian
testing are fairly more similar to each other than, say, to Windows XP
or to MacOS X...), the Debian testing security team seems to have
made great progress: from a simple vulnerability count, based
on the data provided by the Debian security bug tracker[2], it could
even be concluded that testing is currently more secure than stable,
and has been so for quite some time.
At the time of this writing, the situation is as follows:
                            unstable testing  stable
====================================================
low                               39      21     146
medium                            17      12      77
high                              25      10      18
unclassified                      31      35      52
----------------------------------------------------
both in testing & unstable                58
fixed in unstable                         20
fixed in testing-security                  0
----------------------------------------------------
total                            112      78     293
----------------------------------------------------
YMMV, and I admit that counting the number of vulnerabilities is
not enough to accurately assess the security of an OS. We should
at least also take the "time to fix" into account (BTW, I would
really be interested in seeing such a comparison, if someone has
collected the relevant data: does anyone have a URL to point out?)
[1] which is inside
http://www.debian.org/doc/manuals/securing-debian-howto/ch12.en.html#s-debian-sec-team-faq
[2] http://security-tracker.debian.net/