Post, Mark K wrote:
How many of those patches were against packages that would not be in a
base Windows install? I didn't see any URL to the actual report, so I
can't answer that myself.
There's a Clayton's link to
http://www.microsoft.com/windowsserversystem/facts/default.mspx which
links to
http://www.microsoft.com/windowsserversystem/facts/analyses/sievolving.mspx
where you can download the report.
How many of the patches against Linux required rebooting, versus
restarting a service?
I've not discovered the specifics of the fixes for either side: I
imagine perusal of a SuSE mailing list would show the likely fixes from
that source.
I found the monthly update cycle for both interesting. How often do
people really patch their Linux systems?
How many problems does Microsoft know about that they haven't admitted
to having, and won't be issuing patches for?
How many of the Open Source patches were the result of pro-active bug
fixes, versus:
- denying a problem exists
- slipping a fix in quietly that hadn't been previously acknowledged
- refusing to fix at all, unless you're running the latest and greatest
XP?
Those are good Qs. It's hard for OSS vendors to ignore problems their
competitors are fixing, and whatever the commercial pressures and
temptations might be, Debian's not prone to them.
I'd want to know the specifics of what the fixes are, particularly the
critical ones. As I understand the report from my incomplete reading of
it, this would be included:
An updated lynx package that corrects a security flaw is now available.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
_I_ use lynx a lot, in scripts, and I'd be vulnerable. However, I use it
against very few sites (principally the Australian Stock eXchange and
Yahoo) so I think the actual risk is minimal. OTOH a similar bug in
Firefox, Mozilla or Konqueror... Or for Windows users, in IE.
I have to give Microsoft credit for greatly improving their security
over the last couple of years. That simply doesn't fix a security model
that's outright broken to start with.
The big problem arose when requirements changed resulting in acquistion
of software available for both Windows A Linux. Fair enough?
The requirement should have specified Windows 2000 and SLES8 and
plans/commitments for future releases. A cynic would say one of the
criteria of the software that was chosen was that it not be compatible
with SLES8: the package actually chosen required a glibc upgrade, and of
course if your sysadmin insists on doing that the system will break.
I've not read the entire report; once I discovered that it lost all
validity IMV, but I'd inspect it more closely were I choosing (or
advising in the choosing) between W and L. Not all the report is junk,
it does make some good points.
Mark Post
-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
John Summerfied
Sent: Wednesday, November 16, 2005 5:33 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Windows Server thrashes Novell's Linux
This came as a surprise to me:
http://www.theregister.co.uk/2005/11/16/microsoft_takes_stick_to_novell/
"... found the Linux system required an eye-watering 187 patches while
Windows needed just 37."
"... Novell system suffered 14 "critical breakages" while the Windows
system suffered none."
Comments?
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
Cheers
John
-- spambait
[EMAIL PROTECTED] [EMAIL PROTECTED]
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
