No. Only pointing out that the size of downloaded fixes has nothing to do with how good the code is. It has no use as a metric unless you start with even the most elementary of assumptions that the programmers have the same "attitude."

Perhaps theres just more holes in linux. Wasn't long ago people were saying Linux had no holes.

Good one, Pit!

- Gurm

Of course Linux has holes, but they get fixed much sooner than on any other platform.

Also if a user opens up something that is bad, then only what he has write access to will get affected. So as long as people who tend to open anything they can run don't have root or administrator access, the whole system won't get taken down.

Funny I'm sure I saw at least one where the users rights get elevated to root but then I could be wrong.

Of course your depending on users to install Linux correctly and not be logging on with root privilages.

This is what Linux users used to love saying.

Linux isn't bloat
Linux doesn't have security flaws
Linux runs faster than Winblows
Linux is easier tioo setup
Linux doesn't have virus's like winblows.

Only the last holds fairly true as not many are written for the system which is the same for macs.

No one ever believed that BS, no credible source has said linux has no holes, its just that the fix is available BEFORE its a problem.

Forget the empty rhetoric, this thread is/was about a MAJOR security hole that now has an available fix.

700Meg of security fixes?, you did a web update and installed every availble bug/security/update for a bloated install...that probably include the full Kernel source code for an updated kernel amongst other things, what did you expect?

did you know that most virusses / hack attacks use exploits that have often been fixed already for ages too? MSBlaster is one of those countless examples.

Not a bloated install why should I do a bloated install when I use mainly for telnet to unix box. Also I haven't done any kernal installs unless Mandrake slipped one in when i wasn't looking.

Meanwhile RH 9 which I installed the same time and did a part bloatware install has had fewer updates but still goes well over 100 mb of updates in the same period.

A fix before a problem only if people update and if you're on a modem you ain't going to be downloading 300mb and very reluctant too download 24mb. By the way Mandrake still haven't made the kernal available via their web update.

I love LUsers. They're so... dense.

- Gurm

A small server with limited servers..etc with telnet would probably close to 700mb for the total installation?.

I have installed 9.2 on a couple of machines, quite bloated(as is my preference) and the securtiy updates were not even close to 700mb.

And the kernel source(9.2) was not included on the the 3 cd set, it IS available as a webupdate, and if you use the proprietry ATI driver, chances are you will need to get the kernel source to create a customised AGP module.

Incidentally if there is a security update for something that you are not using and you install the update, you have just installed somthing extra, not updated!

The simple fact is, most linux exploits are found published and fixed, if you don't update you will be insecure. Whereas with windows, someone finds the exploit writes a virus/worm and then some months later virus software writers send out updates to detect and clean and then later on an official patch to block the hole appears.

But with either OS you are left in the hands of the user. If they open dodgy stuff and/or don't update then there is no magic OS that is going to be able to deal with that.

So you're saying Mandrake doesn't check what you've got installed and just says hi you need this fix.
As I said earlier the new kernal isn't on the web update or for some reason it ain't saying I need it.

I've got one. It's called three heavies and baseball bat OS. You did what! Whack bash Whack.

I am not sure about MDK with the security fixes, I have seen fixes that I definitely don't need (packages not installed etc) so I don't update them unless I know I have them installed.

The best way to update mandrake is to configure your sources(for web update) and then type

urpmi --auto-select
(or something similar)

In the console, yes I do know I keep harping on about liking gui tools, but this by far the easisast way to update mandrake.

Sadly in this day and age you shouldn't have to do that.

True, It does suck but on my win2k machine at work I only have IE 5.5 installed with no intention of installing 6, as I use firebired.

But every time I do a security update, there is 500k IE 6 update, which is actually the installer for the full 50+ megs of IE6. I have to uncheck that one every time!. So its not a unique problem(not even mentioning win media player)

Maybe they will fix it in mdk 10....heh