On Tue, 2008-02-12 at 18:50 +0000, Martin Jürgens wrote: > But honestly, the time frame from the patches being published to > having security updates in Ubuntu was ~ 48 hours, which is good in my > opinion. Just compare it to once a month (granted that for such > critical bugs MS would probably do an exception)
Eh, not necessarily. Microsoft took 18 months to fix a critical remote code execution exploit in their TCP/IP stack: http://www.microsoft.com/technet/security/Bulletin/MS06-032.mspx http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx Ubuntu has done most excellently in getting this patched as soon as it did. Microsoft likes to sling mud at projects like Ubuntu for the number of open bugs that there are on the public bug trackers, but there is no point to it---it's pure FUD. We can't see what bugs they have in their internal trackers, and there are probably more of them (and far worse) than we have in ours. What we can see is that they take a long time to close critical security flaws in their operating system, and that is one of the many reasons there are to use Ubuntu. Let's not forget that. 48 hours? That's hardly nothing. Even 96 is nothing. --- Mike -- Michael B. Trausch [EMAIL PROTECTED] home: 404-592-5746, 1 www.trausch.us cell: 678-522-7934 im: [EMAIL PROTECTED], jabber Ubuntu Unofficial Backports Project: http://backports.trausch.us/ -- Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice) https://bugs.launchpad.net/bugs/190587 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
