The article is indeed one-sided and often makes exaggerated claims.
One example: "This is in contrast to a rolling release model, in which users can update as soon as the software is released, thereby acquiring all security fixes up to that point."
This ignores the fact that new releases are the only source of new vulnerabilities.
Plus, new vulnerabilities are still to be reported. A 0-day in the wild is usually worse than a published vulnerability: at least you can learn about the latter and take decisions on how to handle it.
Also, security patches are usually patched and released earlier on rolling release distros, right? I know they are when it's a critical vulnerability.
They also ignore the effort of some distributions to backport fixes to their supported version of the software as well as promoting the maintenance-mode or ESR releases of software.