On Wed, 2002-01-16 at 01:07, Javier Fernández-Sanguino Peña wrote: > Already did it yesterday (except for th column with the data). > See > http://www.debian.org/doc/manuals/securing-debian-howto/ch11.en.html#s11.3
Please consider removing any reference to the average amount of time in the FAQ: "...it took the Debian Security Team an average of 35 days to fix security-related vulnerabilites." An average based upon a very long tail is highly misleading. Please quote the median time to fix a vulnerability instead. This will will be less than or equal to 10 days given this statistic: "over 50% of the vulnerabilities where fixed in a 10-days time" Because of this research it looks like Debian's security information page will have to be changed: http://www.debian.org/security/ "Debian takes security very seriously. Most security problems brought to our attention are corrected within 48 hours." That's just not an honest description of what's occurred. It appears from the research that most (i.e. > 50%) of security problems are corrected within 10 days, not 48 hours. I still need to be able to download that spreadsheet. I have viewed the PNG picture. Regards, Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]