>>Easy there, partner... Your assumption that all 102 'vunerlabilities' deal with Mandrake is in error.
>
>I'm sorry if you misunderstood. My intention was not to imply all 102 vulnerabilities deal with core Mandrake or that they were all critical issues. My intention is to point out the web link to research any and all possible vulnerabilities on all systems before anyone takes the step of installing any system. Each person should research all issues with ANY system before installing it and I was providing the link.
>
>
>http://search.cert.org/query.html?col=certadv&ht=0&qp=&qt=mandrake&qs=&qc=&pw=100%25&ws=1&la=en&qm=0&st=1&nh=25&lk=1&rf=2&rq=0&si=1
>
>Above are the only 'advisories' (there are 86 vulnerabilities, but not all vulnerabilities are mandrake specific or critical) actually dealing with mandrake or another system employed or included with Mandrake, and there are only 8 of those (actually very good). Regardless of whether or not they deal with Mandrake directly or another system packaged with Mandrake, the user should be aware of them and know how to deal with them if necessary. The link is an important one for checking on future vulnerabilities and the availability of patches from Mandrake when appropriate.
>
>By providing the link, I was hoping to enlighten everyone of those issues that do deal with Mandrake and its provided services as well as a location to go to keep up-to-date on all future vulnerabilities. Everyone must decide for themselves how much is too much and whether or not it is an exceptable risk. Regardless if the issue is specific to Mandrake or one of its provided services, if run that service, it is best to be aware of it.
>
>I applaud your knowledge of Mandrake, but you cannot assume that all users (especially new ones) will have the same knowledge and experience that you do with using this system and keeping up with the issues and patches is not as easy for everyone as it is for you. The link will let mandrake users know what issues are relevant and when to expect a patch when one is needed from the vendor.
>
>It's a starting point. Also, before installing any system, it is best to check out the security issues (especially when you are installing the system for security purposes).
>
>Tracy

Actually, for Linux distros, the best place to look for security issues is at the webstite of the Linux distro one is using. ALL the leading, non-propriatary Linux distros encourage immediate release of information related to newly discovered vulnerabilities and prefer to see demonstration code supplied. Anyone can enter a bug or security report at Mandrake Bugzilla: https://qa.mandrakesoft.com/query.cgi
Here is a list of all know bugs in Mandrake 8.2
https://qa.mandrakesoft.com/reports.cgi?product=-All-&output=most_doomed&links=1&banner=1&quip=0

That way, the user can use the demo code to test the 'fix' that the distro provider released to prove that the vulnerability was indeed fixed. This is one reason why the time lapse between the discovery of a security hole and it patch has been as short as a couple hours and rarely longer than a couple of days. Meanwhile, the user (personal, home or business) is not kept in the dark about the security hole and can take appropriate protective action until a patch is in hand. This encourages software house from setting on security hole information until their next version release, leaving their clients exposed to the crackers who are already well aware of these security holes because they have good information networks with which to share them among themselves.

For Mandrake 8.2 one can visit the following website:
http://www.mandrakelinux.com/en/security/mdk-updates.php3?dis=8.2


Or, one can subscribe to the Mandrake security mailing list, which guarantees they will be informed of the latest bugs and security holes ASAP.
http://www.mandrakesecure.net/en/mlist.php

In fact, Mandrake includes the Mandrake Software Manager, which includes an automatic updates/security patch function. THis function could be run on a daily basis if someone wanted to, or when every a security email was received. It is secure, transparent and automatic. So, one doesn't have to ask or be told about any security holes. Just run the security update feature as often as you'd like (it takes about a minute on a broadband connection) and tend to the business of running your business.
JLK