[CentOS] any significant differences between centos and OEL?

Sat Jan 23 18:22:00 UTC 2010
David G. Miller <dave at davenjudy.org>

Larry Vaden <larry.vaden at ...> writes:

> 
> On Sat, Jan 23, 2010 at 6:47 AM, Robert P. J. Day <rpjday <at> crashcourse.ca>
wrote:
> >
> >  someone just pointed out to me that there is a distro called "oracle
> > enterprise linux" which is effectively a re-branded RHEL, so i'm
> > curious -- has anyone here used both centos and OEL and would there be
> > any differences that would be worth caring about?
> 
> Unless Oracle has changed their policy in the last two years or so,
> the release cycle for critical patches (e.g., security fixes) is
> _very_ different.
> 
> Quarterly for Oracle, days for CentOS.  Again, observations are from a
> couple of years ago, but should be verifiable.  See a recent email
> below the sig.
> 
> kind regards/ldv
> 
> October 20th, 2009
> Oracle Critical Patch Update October 2009
> 
> Dear Oracle customer,
> 
> The Critical Patch Update for October 2009 was released on October 20,
> 2009. Oracle strongly recommends applying the patches as soon as
> possible.
> 
> <snip> ... </snip>
> 
> The next four Critical Patch Update release dates are:
> 
>   January 12, 2010
>   April 13, 2010
>   July  13, 2010
>   October 12, 2010
> _______________________________________________
> CentOS mailing list
> CentOS <at> centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 

The rationale given at an Oracle presentation was that it reduces their support
costs while at the same time giving their customers a more stable platform. 
Consider the possibility that RH releases an update that breaks an Oracle
installation.  Someone running Oracle on RH ends up with a broken system and
finger pointing between RH and Oracle as to who caused the problem.  Someone
running OEL never sees the problem.

Given that most folks running OEL as their Oracle DB platform will have that
system well protected, locked down and not exposed to either internal or
external users.  Thus, security flaws that only relate to exposed systems become
less of an issue.  On the other hand, it means that OEL is only appropriate for
running an Oracle database server; not a web server, e-mail server, etc.

Cheers,
Dave