On Mon, Nov 17, 2014 at 7:52 AM, Peter Kjellström cap@nsc.liu.se wrote:
On Fri, 14 Nov 2014 14:22:46 -0600 Johnny Hughes johnny@centos.org wrote:
Red Hat's Security policy for Production 3 Phase of the Life Cycle for EL5 is that they will only release "Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. Other errata advisories may be delivered as appropriate."
This is essentially identical to the level of support you get if you pay for EUS (extended update support). And I guess the thinking is that that is a meaningful level of support to a significant number of customers...
Yes, the support policy for EUS is the same. You can find RH's resoning here:
https://access.redhat.com/articles/rhel-eus (scroll down to the comment section near the bottom)
Personally I might had agreed if Important had been included but only Critical is too thin for many use cases.
I agree. I think the problem is that most users are unaware of the facts. So, they assume their systems are safe security-wise as far as they get all the updates.
Akemi