Jeff Lasman said: [snip] > What we need is continued vulnerability-patching for core releases for a > long time. Then you need either a) a team of coders to backport security fixes to the versions of the software you want to use or b) buy RHEL and rent Red Hat's team of coders to backport security fixes. > While that might seem to make us primary candidates for the > RHEL versions, with cabinets with 50 servers apiece and annual > subscription charges that model will never work for us. Have you bothered to talk to RH sales at all? IIRC there was someone that posted about a quote for their .edu that ended up being ~$50/seat for 100 seats. That is less than the subscription to RHN. > So far I've seen nothing on continued vulnerability-patching for RHL > 7.3, or for RH9. If there is any, it appears to be well-hidden, and if > you know of any, please tell me. Redhat's EOL for their releases have been posted for a while: http://www.redhat.com/apps/support/errata/ Fedora Core will come with no SLA at all. As others have pointed out there is a "Fedora-Legacy" movement out to do some back porting of fixes and such after RH's EOL. If you go with option a) above then you have the resources to contribute to this if you wish. -- William Hooper
