Canonical Developer Criticizes Linux Mint's Security


  • #51
    I don't give a fuck of any of the bullshit that I'm reading. The only thing I know is that my server in production with Ubuntu 12.04 got fucked up from this Linux kernel exploit once a hacker got into a shitty Joomla installation: http://blog.zx2c4.com/749



    • #52
      Originally posted by FLHerne
      Because it allows random people to anonymously perform far more actions than they can if not logged in, and there only needs to be one badly-thought-out interaction between two permitted actions to give them full access.
      Well, "people that have physical access" != "random people", and if your OS has obvious permission escalation breaches, I'm not sure you can trust it anyway.

      Also, there only needs to be one security breach in your browser to allow remote code execution, so by that reasoning, any system with a browser is a compromised system.



      • #53
        Originally posted by Goddard
        Saying DistroWatch is a bad source is just like when my teachers would say Wikipedia is a bad source. It always felt like a discrediting statement especially when I would write papers sourcing the material, but say it came from an encyclopedia. In other words it may not be as good as getting a piece of software on every single Linux system reporting which distro they are using, but it is as good as it gets.
        Do you visit DistroWatch and click on your distro periodically? Because I don't know of a single individual that does. That's why it is not representative. DistroWatch is useful to read about distros. Usually, you already know what's in there for your distribution, and you'd only enter to compare a few if you want to switch. So, it neither binds one user to one distro (and the common case is that one user uses only one distro) nor to the distro he or she uses.

        Originally posted by prodigy_
        Yes, it's a pure coincidence that the most popular distros are on top of the list.
        Yes, it is. Well, not a complete coincidence, as what it measures is curiosity about such distributions, but yeah, it has nothing to do with the number of users.



        On the Mint issue, with the information I've found in this thread, I changed my mind. I thought this was a serious problem in general, because it sounds like they don't dispatch the updates, not like they are optional. If the user knows what he/she's doing, Mint is as secure as their upstream, Ubuntu, is. It is not so moron friendly as Ubuntu, though, having the user think about the updates.



        • #54
          Originally posted by dee.
          All updates require root permissions (unlike in Ubuntu)
          Ubuntu requires super user permissions to install updates. Ubuntu doesn't have a root account by default.



          • #55
            Originally posted by NothingMuchHereToSay
            I'm looking through this thread and obviously there's waaaaaay too many Linux diehards in here. Are you people trying to justify your delusions by saying that Wikipedia has a long lasting bug that makes Canonical's Ubuntu more popular than your favorite distro? From the eyes of an outsider that joined Linux because of Ubuntu back in 2008, I have to wonder how you people are completely missing the point when it comes to marketing.
            Are you suggesting that Ubuntu really has 50x more users than any other distro, and that twice as many people use tiny distros than the combined userbases of all well-known distros including Ubuntu?
            Because that's what those WP stats say, and your dismissal is based on the premise that they're accurate.



            • #56
              Originally posted by Pajn
              Ubuntu requires super user permissions to install updates. Ubuntu doesn't have a root account by default.
              There is no such thing as a super user. If you mean the command su: That stands for "switch user" and switches to root by default (but you can use it to switch to any user).
              Do you mean you need root permissions? If so: Are you required to enter your root password? Or is there no password at all? Or do you have root privileges all the time? If you say no to the first and/or yes to the second/third question Ubuntu is a very insecure distro.

              BTW: All those questions are serious, I have never used Ubuntu myself.



              • #57
                Originally posted by FLHerne
                Are you suggesting that Ubuntu really has 50x more users than any other distro, and that twice as many people use tiny distros than the combined userbases of all well-known distros including Ubuntu?
                Because that's what those WP stats say, and your dismissal is based on the premise that they're accurate.
                For reference: These are the numbers from Wikimedia (mostly Wikipedia visitors) http://stats.wikimedia.org/wikimedia...ingSystems.htm

                I think Wikimedia can accurately detect Ubuntu. They probably cannot accurately detect other distros besides Android, and those hide in the "Linux Other", which lumps together the various desktop and mobile distros. Let's make an uneducated guess that there is a 50/50 split between desktop (ChromeOS etc.) and mobile (Maemo/Meego, WebOS, OpenEmbedded etc.) in "Linux Other". This means that Ubuntu has maybe 50% share of the desktop market, which kind of agrees with other available numbers.

                For the cloud market, on Amazon EC2, we have Ubuntu at around 52% share, along with a generic 25% "Linux" lump: http://thecloudmarket.com/stats#/totals

                An older survey was done as part of Linux.conf.au 2010, a conference for Linux professionals, and it showed Ubuntu at 69.3%, twice as much as the next distro Debian, which was used by 35.5% (multiple distros could be named by respondents).

                I think it is plausible that Ubuntu runs on more than half and less than two thirds of all non-mobile Linux computers. Not 50x more share for sure.



                • #58
                  Originally posted by TAXI
                  Are you required to enter your root password? Or is there no password at all? Or do you have root privileges all the time? If you say no to the first and/or yes to the second/third question Ubuntu is a very insecure distro.
                  Ubuntu uses the sudo mechanism. If the user is in the admin group, he can use the sudo command to run tasks with superuser privileges. Ubuntu will ask for the user's password then.

                  There is no password for the root account set by default. Before you can use the root account, you need to set a password (but it is not necessary as described above).



                  • #59
                    Apparmor is still in repo, you will notice this if you are USING it

                    Originally posted by monraaf
                    The update defaults in Mint made me leery. Finding that they remove AppArmor for no good reason meant it was not going to be my main OS.

                    Mint favors usability/appearance over everything. Not that I fault them but it shouldn't surprise anyone that Mint isn't an Enterprise OS.

                    Ubuntu on the other hand claims to be an Enterprise OS and doesn't backport all security patches. Care to explain this Mr. Shuttleworth?
                    Since Mint uses Ubuntu Repos, Apparmor is still in repo. In Ubuntu by default, Apparmor is disabled for the browser, the single most important place to use it! Since I use a custom Firefox profile with Apparmor, I would notice a missing /etc/apparmor.d directory very quickly and fetch the package after a new install from a Mint installer. If I am setting up a machine for someone else, I cannot use that Apparmor profile anyway as people would wonder why all the restrictions. I use the Apparmor profile as part of a layered defense to make CIPAV-type policeware harder to push to my machines used for activist work, it's not necessary for most users. If something REALLY counts I am going to use Tails, a specialized Tor-based security distro that runs from an immutable live image.

                    Mint does not claim to be a specialized security distro, Tails it is not and need not be. Webservers are another specialized use, requiring maximum security. Since Mint differs from Ubuntu mostly in the DE, why would anyone need a "mintserver" installer anyway?



                    • #60
                      Originally posted by Mike Frett
                      The truth is, if you are using anything other than a main distro and are focused on security; you're using the wrong distro. Things like Mint are for experimentation and hobby purposes.
                      Again, the only difference between Ubuntu and Mint Updates is the _default_ setting of Mint to not update things like Xorg and Kernel (level 4 and 5 updates). Enable the Level 4 and 5 Updates (by Mouseclick) and from now on you have the exact same update behavior just like Ubuntu...

                      It might be a good idea to point Ubuntu -> Mint changers to this difference in default setting (so they can decide how conservative they want to be), but that's all, why this whole drama about it?
                      ...And WTF took that Canonical guy to pretend that Mint (not talking about LMDE by the way) does not get Browser updates at the same time as Ubuntu?
