[CentOS] Apache 2.2 EOL - what is Red Hat's story for RHEL6?

Wed Sep 13 23:00:13 UTC 2017
Johnny Hughes <johnny at centos.org>

On 09/13/2017 08:10 AM, Alan McKay wrote:
>> I don't have any official knowledge, but I would suspect that they will
>> maintain httpd-2.2 throughout the lifetime of RHEL6.  Security issues
>> would be backported.  (If older versions of RHEL are any indication)
> 
> The basic problem is though that there won't be any security fixes for 2.2
> How can they back port something that does not exist?
> 
> Or do you mean you think they'll try to port a fix in 2.4 back to 2.2?
> Not even sure that will be possible.
> 
> Is there some way to get an official statement from RHEL on this?
> Like if I bought a licensed copy of RHEL and used it to open a support
> case or something like that?

Red Hat will provide security updates to whatever solution that they
have in RHEL-6 until end of life .. that is what they do and why their
Enterprise Linux has subscription costs .. see:

https://access.redhat.com/security/updates/backporting

The CentOS Project, on the other hand, does not make any security claims
of any kind for CentOS Linux at all.  We rebuild whatever source code
Red Hat releases for RHEL and the user must make sure it meets any
security requirements they have.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20170913/9f694186/attachment-0004.sig>