• federico3
      3 years ago

      The article is indeed one-sided and often makes exaggerated claims.

      One example: "This is in contrast to a rolling release model, in which users can update as soon as the software is released, thereby acquiring all security fixes up to that point."

      This ignores the fact that new releases are the only source of new vulnerabilities.

      Plus, new vulnerabilities are still to be reported. A 0-day in the wild is usually worse than a published vulnerability: at least you can learn about the latter and take decisions on how to handle it.

        • federico3
          3 years ago

          No. It depends on the distribution, but both Debian and paid distributions give maximum priority to patching vulnerabilities on stable/LTS releases. In various cases they are faster than the upstream developers.