[CentOS] Trying to justify CentOS vs. RHEL

Wed May 8 02:41:57 UTC 2013
Jason Pyeron <jpyeron at pdinc.us>

> -----Original Message-----
> From: Bidwell, Christopher
> Sent: Tuesday, May 07, 2013 17:12
> Hi all,
> I'm in the process of moving all of my RHEL systems over to 

Why all? Lets keep that question in the back of our minds.

> CentOS but the argument that fires back at me is for critical 
> vulnerabilities for items such as zero-day exploits and such.
> >From what I've been reading, RHEL releases critical patches much 
> >quicker

If zero day patches are important to maintain your accredidation on your systems
then you need to have a support plan. That plan can either be a commercial
services provider, vendor support contract (RHEL), or an in house team to
support the system.

Using a service provider other than RedHat is kind of silly since purchasing
from RedHat support CentOS.

Staying with RHEL is a non-change.

Having an in house support team will be much more expensive as you will have to
have staff for each of the packages on the system.

> than CentOS which makes sense since CentOS is simply a copy 
> and when changes occur they propagate down to the RHEL 
> clones.  My question is what kind of time frame are we 
> looking at when a vulnerability (critical or
> high) is announced and a patch has been released for RHEL 
> does it get implemented into CentOS?

It has always been fast enough for us, but if it were not, we would help by
providing patches to the SRPM to CentoOS development team.

For offical specifics, contact me off list.

-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
This message is copyright PD Inc, subject to license 20080407P00.