> From: "Chris Robinson" 
> Geo. wrote:
>> "Chris Robinson" 
wrote in message
>> news:4033546d$1{at}w3.nls.net...
>> 
>> 
>> > The simple basic fact here is that the comparison is unfair.  Lets
>> > forget for a moment who's responsible for any patches.
>> 
>> what is a "windows" patch?
>> 
>> If I run W2K and a patch that only affects XP comes out, is that a
>> windows patch? my distribution of windows didn't need it so how is
>> this different from one linux distribution requiring a patch when
>> another doesn't? If one distribution doesn't require the patch then
>> you aren't calling it a linux patch so should I not consider XP only
>> issues to be something separate from windows security issues?
>> 
>> Geo.
> I mean comparing a version of Windows (so yes, XP/ 2000/ whatever) to a
> distribution of Linux (Redhat 9 in this case) - I should have been more
> clear on that.  Saying "Windows patches" would be unfair to Windows
> IMHO.  So, you could do Windows XP vs RedHat 9 for example - not
> "Windows" vs Redhat 9.

I think it depends on the problem. The recent Linux kernel memmap thing is
a good linux example

http://lwn.net/Articles/71682/

"Synopsis:  Linux kernel do_mremap VMA limit local privilege escalation
           vulnerability
Product:   Linux kernel
Version:   2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2"

As are some of the recent Windows ones (e.g. the ASN.1 one & the DCOM one)

Adam

--- BBBS/NT v4.01 Flag-5