Mandrake has a lot, and I mean a lot of security problems. In some cases there are just "some bugs", as §in_tax says, but in other cases there are huge problems, and it takes Mandrake Soft ages to come up with the patch required.

This article touches different subjects, and one of them is the (lack of) security in Mandrake.

To save you the pain of reading it (it's quite large) I'll give you some quotes :

- "There is exactly one person doing the updates (Vincent Danen)."

- "A known vulnerability to Mozilla (the most popular web browser in the Linux world) was allowed to sit in the queue for 6 months. Why you ask? Because Vincent didn't have the expertise to do a Mozilla update."

- "The maintainers for the packages don't maintain their packages. They toss them up there and forget about them once the version releases for the most part. No matter how dire the security threat, developers never put the priority on those updates. Nor does the Quality Assurance department."

- "The updates that get produced are supposed to be reviewed by QA. Often QA is slow or flat out too busy working on cooker to bother with security updates. Often updates get pushed out without QA approval because they've simply waited far too long and really need to be released. Even if QA does do any testing, they severely slow down the update release cycle. Opening more of a window for crackers to gain access to your machine running Mandrake."

- "Mandrake makes available downloads of ISOs. The ISOs contain the public keys that are used to validate the security updates that you download. Unfortunately, those ISOs are not signed with any key. So the ISOs that you download from all of the mirrors, which Mandrake does not control, could have modified versions of the ISO with an extra key."

This are just some points. I for one like Mandrake, for the efforts it made to make it user friendly, but I also agree with sinetific. It has some real security problems, and when it comes down to it, you have to get down and fix them yourself, and the userfriendly part will not help you.