On 23/09/17 21:52, Keith Lofstrom wrote: > > This isn't in RedHat's best interest. They want to keep > selling software, and benefit from churn.
This is misguided. "Our mission is to be the catalyst in communities of customers, contributors, and partners creating better technology the open source way." - Red Hat's mission statement source: <https://www.redhat.com/en/about/company> Red Hat does not sell software. They sell subscriptions, which enables updates. They sell support, of packages they have shipped. They sell consultancy services, to help you setup a proper infrastructure for your needs. They sell training courses, so you can use the software they ship in the best way. But they do not sell software. Everything Red Hat does these days are open source. And if it isn't, they are working to complete the transition to open source it. <https://opensource.com/article/16/12/why-red-hat-takes-upstream-first-approach> Their latest efforts in this regard: <https://opensource.com/article/17/9/ansible-announces-awx-open-source-project> *This* is what Scientific Linux builds upon, a distribution based on the source RPMs provided by Red Hat. So to your other comment: > In a larger sense: how much work is it to semi-automate > the process of backporting all these security fixes from > SL6 and SL7 to earlier distros? TL;DR summary: Probably much more than you would imagine. That is not fully realising what Red Hat does to software they ship through the Enterprise range of products. - Development (upstream involvement and/or bug/security fixing) - Packaging (ensuring the RPM packages is functional) - QA (regression testing on lots of different hardware platforms, RHEL distributions, upgrade/downgrade/fresh-install/removal of RPM packages, etc, etc) - Support of the code being shipped And in many cases the regression tests consists of several hundred test cases. Naturally, not all these bullet points relates to what SL does. But the majority of them do. Which is why RHEL (and thus SL implicitly) can be quite stable, because the package testing is fairly comprehensive and done before each release of a new update. -- kind regards, David Sommerseth