> On Jun 17, 2020, at 3:46 PM, Leon Fauster via CentOS <centos at centos.org> wrote: > > The answer is not inherently in the distribution itself. Make your > analysis about your needs an requirements and the choice is then yours. > > One could argue that the gap between disclosure of one security issues > and the update via RHEL subscription is to big. Then a contract with > the upstream developer of the corresponding software component is a > better choice then relying in RHEL, right? Of course. My only question is whether the observation that the gap for CentOS 8 is indeed larger than we have come to be used to for CentOS 7. I'm certainly not, and I don't think anyone is, claiming that the CentOS teams owes us any particular response time. I just want to know if the claim that it's systematically significantly longer for 8 than 7 is in fact (empirically) true. Noam