I have been subscribed to the Red Hat enterprise-watch-list for a week and there has been about 12 Red Hat Security Advisories.
The last Debian Security Advisory was 2 weeks ago. That amazes me considering RH Enterprise is considered stable and it has far fewer packages.
[root@RHES ~]# up2date --showall | wc -l 1468
debian$ grep Package: /var/lib/apt/lists/ftp.monash.edu.au_pub_linux_debian_dists_sarge_main_binary-i386_Packages | wc -l
Hmm… can that be right? I think there is 8633 packages in Sarge…
Is Debian keeping up? Are there mechanisms to compare security related problems between distrbutions?
Most likely is that RH is using more “bleeding edge” software. I have personally dealt with security updates of Wordpress, yet those don’t make advisories as the package is not in stable.
Redhat does seem to by default update to these updates automatically. Maybe Debian should do that?