@cwansart IMO, the answer is no, as it depends more on many other factors. E.g. I have seen often enough that things are sometimes no longer fixed in #debian. It could even be that with rolling releases you get a fix earlier than the #backport for an #lts version is ready.

Of course, #distribution also plays a role, but I think it is more important to keep the #attackvectors as low as possible, i.e. to keep the system as minimal as possible. Fewer packages mean fewer potential #vulnerabilities.

@enigmatico At least #Microsoft works hard to increase #AttackVectors for #Azure / #Office365 / #OfficeOnline...

But hey, whoever uses that shit has basically given up on #ITsec, #InfoSec, #OpSec & #ComSec anyway and naively believes that jst because "everydoy else does it too" it won't bite them in the ass once @noybeu is done with the #GAFAMs...