On Tue, Jan 15, 2002 at 02:04:38PM +0000, Tim Haynes wrote:
> Colin Phipps <[EMAIL PROTECTED]> writes:
> > It is not misleading in this case, the tail is the _most_ important part
> > of the data. It doesn't matter if we patch every other hole in 10 minutes
> > if we leave one open for months.
>
> Yes it does, if that remaining hole is merely a local non-root potential
> vulnerability with no known exploit that's a PITA to fix - you *must*
> weight the average accordingly.

Agreed, weighted mean (by severity of vulnerability and popularity of package) would be better, if suitable weighting could be devised.

On Tue, Jan 15, 2002 at 01:55:18PM +0000, Karl E. Jorgensen wrote:
> Are there any stats available on the number of people who have each
> package installed?

Relative popularity of packages can be got from the popularity-contest results (although this will tend to reflect workstations more than servers, since people running a secure server aren't likely to run something that sends their package list to anyone).

http://people.debian.org/~apenwarr//popcon/

--
Colin Phipps PGP 0x689E463E http://www.netcraft.com/