The article is indeed one-sided and often makes exaggerated claims.
One example: "This is in contrast to a rolling release model, in which users can update as soon as the software is released, thereby acquiring all security fixes up to that point. "
This ignores that facts that new releases are the only source of new vulnerabilities.
Plus, new vulnerabilities are still to be reported. A 0-day in the wild is usually worse than a published vulnerability: at least you can learn about the latter and take decisions on how to handle it.
Also, security patches are usually patched and released earlier right on rolling release distros right? I know they are when its a critical vulnerability.
No. It depends on the distribution, but both Debian and paid distributions give maximum priority to patching vulnerabilities on stable/LTS releases. In various cases they are faster than the upstream developers.
They also ignore effort of some distributions to backport fixes to their supported version of the software as well as promoting the maintenance-mode or ESR releases of software.
The article is indeed one-sided and often makes exaggerated claims.
One example: "This is in contrast to a rolling release model, in which users can update as soon as the software is released, thereby acquiring all security fixes up to that point. "
This ignores that facts that new releases are the only source of new vulnerabilities.
Plus, new vulnerabilities are still to be reported. A 0-day in the wild is usually worse than a published vulnerability: at least you can learn about the latter and take decisions on how to handle it.
Also, security patches are usually patched and released earlier right on rolling release distros right? I know they are when its a critical vulnerability.
No. It depends on the distribution, but both Debian and paid distributions give maximum priority to patching vulnerabilities on stable/LTS releases. In various cases they are faster than the upstream developers.
They also ignore effort of some distributions to backport fixes to their supported version of the software as well as promoting the maintenance-mode or ESR releases of software.