[CentOS] EL5 Security Policy for the final 3 years

Mon Nov 17 16:28:35 UTC 2014
Akemi Yagi <amyagi at gmail.com>

On Mon, Nov 17, 2014 at 7:52 AM, Peter Kjellström <cap at nsc.liu.se> wrote:
> On Fri, 14 Nov 2014 14:22:46 -0600
> Johnny Hughes <johnny at centos.org> wrote:
>
>> Red Hat's Security policy for Production 3 Phase of the Life Cycle for
>> EL5 is that they will only release "Critical impact Security
>> Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories
>> (RHBAs) may be released as they become available. Other errata
>> advisories may be delivered as appropriate."
>
> This is essentially identical to the level of support you get if you
> pay for EUS (extended update support). And I guess the thinking is that
> that is a meaningful level of support to a significant number of
> customers...

Yes, the support policy for EUS is the same. You can find RH's reasoning here:

https://access.redhat.com/articles/rhel-eus
(scroll down to the comment section near the bottom)

> Personally I might have agreed if Important had been included but only
> Critical is too thin for many use cases.

I agree. I think the problem is that most users are unaware of the
facts. So, they assume their systems are safe security-wise as far as
they get all the updates.

Akemi