> Not that it matters, but the last time I checked, SL had not released > their 4.9 or 5.6 releases either. On the other hand, unlike CentOS, Scientific Linux (SL) is backporting 5.6 security fixes. Indeed, all of the security issues CentOS 5.5 has right now aren't in SL. > SL is a fine product and people can use it if they want, but lets not > pretend that they are releasing every point release before CentOS. They haven't. Indeed, before 2009 they significantly lagged behind CentOS. However, for the last two years, every SL release has been on before the CentOS release, or within two weeks of the CentOS release. [Left column CentOS release date, right column SL release date. > 4.8 08/22/09 07/21/09 > 4.9 03/02/11 For 4.9, I say "not applicable"; SL is current with security fixes, and, as I understand it, 4.9 is just 4.8 + security fixes. Indeed, CentOS isn't mastering iso images for 4.9. > 5.3 04/01/09 03/19/09 Within two weeks. > 5.4 10/21/09 11/05/09 SL was two weeks after the CentOS release. > 5.5 05/15/10 05/19/10 CentOS won--by all of four days. > Don't get me wrong, SL is a good build and I highly recommend it ... but > they do not beat CentOS on releases by months as seems to be insinuated > here in the last couple of weeks. SL is tied with CentOS for all 2009, 2010, and 2011 releases. What tips the scales in SL's favor is that they have a solid policy in place to have timely security updates: https://www.scientificlinux.org/documentation/faq/errata And, yes, I am repeating myself, but all 5.6 security updates are available for SL 5.5 users until they can master some SL 5.6 ISO images. This has been SL's policy for over a couple of years: http://ever-increasing-entropy.blogspot.com/2009/08/perfect-illustration-of-why-i-now.html I blogged about why I am in the process of making the switch to SL here: http://set.tj/+kcsa http://samiam.org/blog/20110319.html --- As an open-source developer, I understand the frustration of working hard and having a lot of freeloaders not appreciating my work. I feel people posting here talking about how unprofessional CentOS is acting are completely missing the point: CentOS is acting unprofessional because, well, they aren't being paid. Being professional means that money is changing hands. A person does not get treated like a customer unless they are paying customer. Just as most restaurants don't allow people to sit at their tables unless they order something, open source developers have no obligation whatsoever to their users unless said users appropriately compensate them for their time. CentOS has no obligation to ever make another security patch again. They have no obligation to release 5.6, 6.0, or any other release of their software. Quite frankly, I think Karanbir Singh would be in his right to say "Listen, I need to spend more time with my family and can not continue working on CentOS unless I get paid for my time". Yeah, a lot of freeloaders would flame him for asking for money (look at the flame fest the Nexuiz developers got when they commercialized their open-source game), but this is a perfectly healthy boundary for an open-source developer to establish. Some developers don't like announcing boundaries like that; a lot of open source projects never formally die. They have this way of becoming inactive without any formal announcements and just floundering. I've seen this tape played many times before: http://maradns.blogspot.com/2009/09/rant-putting-closure-on-project.html Another example is djbdns, which is over ten years old; the last formal release of djbdns has three known security holes: http://set.tj/+kcvb http://samiam.org/blog/20110103.html - Sam