On Tue, Aug 11, 2009 at 5:25 PM, Ian Murraymurrayie@yahoo.co.uk wrote:
I am troubled by the window of opportunity that a hacker has between RH releasing a point release and CentOS releasing the equivalent. Every RH published errata for that stream is a known weakness to your system and there is not a sausage you can do about it until the CentOS project delivers the point release. The quicker it is, the less of a problem, but the slower it is, the more exposed you are. CentOS have not exactly been knocking out the updates very quickly.
If security and immediate updates is your main criteria, then you probably are better off with RH. But a lot of people use CentOS and, as far as I can tell, there have not been any major security problems caused by the unavoidable delay between RH's release and CentOS's release. But, as someone else mentioned here, a mixture might be your best option. RH on critical servers and CentOS on less critical ones.