If you see a GLSA somewhere else than from Gentoo first, then you are doing something wrong :)

Whatever I say here, this is probably being interpreted like crying, so I will keep it to a minimum: But I doubt that this study is anywhere close to representative. (For example, we never issued a GLSA for libmms, because we never had to according to our policy since it was unstable. So, did we get 0 points for this?) And please note that security can't do shit about missing maintainers and so on. In fact, security is only a relatively small member of the whole security-related chain, although this may be surprising at first.

All I can say is that I hope that they will continue the "study", because we will kick ass next time. We are already #2 of the community-only distros (= no commercial background).

Kind regards,

Stefan
