TerryP
6th March 2011

Quote:
Originally Posted by c_moriarty
I'm assuming that bugs and security issues would be reacted to more quickly in certain Linux distributions (Fedora, OpenSuse, Ubuntu) than they would be in FreeBSD or NetBSD... Isn't that correct?

This is debatable and likely ass-backwards at that.

When FreeBSD or NetBSD have a security issue to fix, they can commit it whenever they need to, and notify all listeners to update their systems. The whole process could take ${time to fix bug} + 5 minutes. This is the advantage of near-total control over your distribution's source.

Fedora, on the other hand, can report the issue to the maintainer and wait for a fix, optionally committing one or more of their programmers to help fix it (not likely for most rpm). Then wait on that patch to be included by the upstream maintainer (Linux kernel, Samba, etc.), and push it out to all listeners. The whole process could take ${time to report bug} + ${time for upstream to fix bug} + ${time for fedora maintainers to notice bug fix} + ${time to make new RPM}. This is the disadvantage that your product is made up largely of other people's products.



Stuff in the ports collection works the same way as Fedora. In the case of Debian folk, the process may look more like: Ugh, bug. Fix it -> maybe tell upstream -> give all users own patched version of code -> upstream tells us we created 5 more bugs and have brain damage. No offense to other Debs.




If you don't like compilation from source, you will want:
  • To relax your interest in security; source and its integrity is GOD.
  • To not use a SOURCE based OS.
  • To find a distribution with a well defined security policy and a Rapid Response Team that sleeps on the desk of upstream security issues.


If you just don't like the time it takes to compile stuff from source, buy a faster computer. If you think that's stupid, let me point a finger to a box across the room that has a 500MHz CPU and note it compiles a hell of a lot slower than the multiple multi-core Xeon processors the build box at work uses for compiles.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.