The secuirty of the system is less about the distro and more about the administrator. Becuase of this, and the nature of people, distros that automatically (versus manually) do stuff are probably more secure(on an average person's install) because the security stuff actually gets done (and properly). The other important part of security is applying patches as soon as possible. On the package based distros this is just a few seconds work, so it usually gets done in a resonable period of time. On distros that you compile everything it often gets put off because of the compile and debugging time.
|