The current official Debian position on security regarding unstable and
stable:
"Q: How is security handled for unstable?
"A: The short answer is: it's not. Unstable is a rapidly moving target
and the security team does not have the resources needed to properly
support it. If you want to have a secure (and stable) server you are
strongly encouraged to stay with stable."
http://www.debian.org/security/faq.en.html
But my empirical observations are that this has not been true for
several years now: Debian unstable has been promptly supported with
security fixes.
Is anybody aware of any research regarding the relative security of
Debian unstable / testing / stable or similar Linux distributions?
Cheers,
Andreas