> Well we have a better security track record than Red Hat
Funny, I was just checking some SSL certs this morning hoping they weren't generated on an
Ubuntu machine.
Why would the BDFL say this?? It's a divisive and questionable statement to make even if it
were true. It's a poor way to build a community.
I'm typing this on Ubuntu Hardy. Great distro. But most secure? "ranked number one?" Not
in my experience.
Ubuntu, security response, and community contributions
Posted Jul 18, 2008 20:05 UTC (Fri) by nlucas (subscriber, #33793)
> Funny, I was just checking some SSL certs this morning hoping they weren't generated on an
> Ubuntu machine.
While I also don't think Ubuntu QA is notorious for its track record, you are actually mentioning the case where they did everything right, from finding the bug to upstream fixing it (it was a Debian bug, not Ubuntu).
Ubuntu, security response, and community contributions
Posted Jul 19, 2008 21:17 UTC (Sat) by ceplm (guest, #41334)
Security doesn't mean just patching fast, but also checking whether the patches make sense.
Which apparently the one from Debian for OpenSSL didn't, but the distribution with the better
security record just didn't bother to take a look at patches for OpenSSL.
Ubuntu, security response, and community contributions
Posted Jul 21, 2008 10:37 UTC (Mon) by nlucas (subscriber, #33793)
What you are asking may be nice words, but if any derived distro did that it would be more
work than starting one from scratch.
Ubuntu, security response, and community contributions
Posted Jul 21, 2008 19:46 UTC (Mon) by ddaa (guest, #5338)
> Why would the BDFL say this?? It's a divisive and questionable statement to make even if it were true.
Mark Shuttleworth is the SABDFL. The BDFL is Guido van Rossum.
Mark has been known to occasionally say and do things that were less than technically inspired (enforcing some custom hack on spatial Nautilus) or politically appropriate (inviting SUSE developers to join).
That teaches us a few things:
Mark is not a corporate talking head. He sometimes says stuff that has not been vetted by Canonical.
Mark is not the Pope. Sometimes he says things Ubuntu do not agree with.
Mark is passionate about Ubuntu and Canonical, and he sometimes gets carried away.
It seems it happened again. I guess he stands corrected: he has certainly read this article.
Disclaimer: I worked at Canonical for four and a half years.