Marko Vojinovic wrote:
Why don't you go with the SL or even pay RH, if you are that concerned about hacking attempts? It seems clear that CentOS is not a good distro for you if you are not satisfied with its update schedule. I believe it is better to make a different choice of distro, than to ask for substantial changes in the current one, especially if other people should do that extra work for you.
And please don't tell me that SL has other flaws. If security is your first and most important concern, the best thing is to buy RH, it is definitely worth it. If you cannot invest money, go with SL, they have faster updates. If things break, well, at least you didn't get hacked. You should evaluate what is best for your situation and go with it, not ask CentOS to be both rock-solid and fast with updates at the same time.
First off, after reading this thread, or should I say book, entirely, like a few others have said, I thank the CentOS developers greatly for all that they do. They spend an incredible amount of time keeping this project going, and I think they do a great job at it, considering it costs nothing to us as users.
What we do at my employer is exactly that. We pay for RH support and updates on business critical servers, and servers that are facing the outside world. We get our updates quickly, and have support available should we need it on those machines that we feel are critical in this regard to security and support.
CentOS fits into our organization by utilizing it for all non-critical deployments, PCs/workstations where they can be used, along with terminals and backup servers inside the network. A lot of our CentOS installations are actually virtualized too. It works out perfectly for us this way.
If you absolutely need updates and your main concern is security, buy some RH support on all machines that you're worried about. Then utilize CentOS on the inside where it's probably not so critical that a patch isn't applied for a few weeks.
This philosophy has served us very well over the years, and we've never had any issues in this regard. CentOS saves our non-profit organization a lot of money every year by applying this configuration, and we get the feel-good fuzzy feeling that we have outside machines patched immediately.
While I think there probably are or have been some communications issues with CentOS, I don't think it warrants beating up the developers over it. I cannot begin to understand the build process, since I'm not a developer, but I think people need to cut some slack to those that offer you a product free of charge.
Personally my company chooses and sticks with CentOS because it has been rock-solid, and is always 100% compatible with upstream, which is important to us.
I'm a very unimportant CentOS user, but this is how my company runs things, and how we feel, and perhaps you should consider this as well.
Regards, Max