Post, Mark K wrote:
How many of those patches were against packages that would not be in a base Windows install? I didn't see any URL to the actual report, so I can't answer that myself.
There's a Clayton's link to http://www.microsoft.com/windowsserversystem/facts/default.mspx which links to http://www.microsoft.com/windowsserversystem/facts/analyses/sievolving.mspx where you can download the report.
How many of the patches against Linux required rebooting, versus restarting a service?
I've not discovered the specifics of the fixes for either side: I imagine perusal of a SuSE mailing list would show the likely fixes from that source. I found the monthly update cycle for both interesting. How often do people really patch their Linux systems?
How many problems does Microsoft know about that they haven't admitted to having, and won't be issuing patches for? How many of the Open Source patches were the result of pro-active bug fixes, versus:
- denying a problem exists
- slipping a fix in quietly that hadn't been previously acknowledged
- refusing to fix at all, unless you're running the latest and greatest XP?
Those are good Qs. It's hard for OSS vendors to ignore problems their competitors are fixing, and whatever the commercial pressures and temptations might be, Debian's not prone to them.

I'd want to know the specifics of what the fixes are, particularly the critical ones. As I understand the report from my incomplete reading of it, this would be included:

An updated lynx package that corrects a security flaw is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

_I_ use lynx a lot, in scripts, and I'd be vulnerable. However, I use it against very few sites (principally the Australian Stock eXchange and Yahoo) so I think the actual risk is minimal. OTOH a similar bug in Firefox, Mozilla or Konqueror... Or for Windows users, in IE.
I have to give Microsoft credit for greatly improving their security over the last couple of years. That simply doesn't fix a security model that's outright broken to start with.
The big problem arose when requirements changed, resulting in acquisition of software available for both Windows and Linux. Fair enough? The requirement should have specified Windows 2000 and SLES8 and plans/commitments for future releases.

A cynic would say one of the criteria of the software that was chosen was that it not be compatible with SLES8: the package actually chosen required a glibc upgrade, and of course if your sysadmin insists on doing that the system will break.

I've not read the entire report; once I discovered that it lost all validity IMV, but I'd inspect it more closely were I choosing (or advising in the choosing) between W and L. Not all the report is junk, it does make some good points.
Mark Post

-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of John Summerfied
Sent: Wednesday, November 16, 2005 5:33 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Windows Server thrashes Novell's Linux

This came as a surprise to me:
http://www.theregister.co.uk/2005/11/16/microsoft_takes_stick_to_novell/

"... found the Linux system required an eye-watering 187 patches while Windows needed just 37."

"... Novell system suffered 14 "critical breakages" while the Windows system suffered none."

Comments?

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
-- Cheers John -- spambait [EMAIL PROTECTED] [EMAIL PROTECTED] Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/ do not reply off-list