On Mon, Nov 17, 2014 at 7:52 AM, Peter Kjellström <cap at nsc.liu.se> wrote: > On Fri, 14 Nov 2014 14:22:46 -0600 > Johnny Hughes <johnny at centos.org> wrote: > >> Red Hat's Security policy for Production 3 Phase of the Life Cycle for >> EL5 is that they will only release "Critical impact Security >> Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories >> (RHBAs) may be released as they become available. Other errata >> advisories may be delivered as appropriate." > > This is essentially identical to the level of support you get if you > pay for EUS (extended update support). And I guess the thinking is that > that is a meaningful level of support to a significant number of > customers... Yes, the support policy for EUS is the same. You can find RH's resoning here: https://access.redhat.com/articles/rhel-eus (scroll down to the comment section near the bottom) > Personally I might had agreed if Important had been included but only > Critical is too thin for many use cases. I agree. I think the problem is that most users are unaware of the facts. So, they assume their systems are safe security-wise as far as they get all the updates. Akemi