[CentOS] Trying to justify CentOS vs. RHEL

2013-05-07 Thread Bidwell, Christopher
Hi all,

I'm in the process of moving all of my RHEL systems over to CentOS but the
argument that fires back at me is for critical vulnerabilities for items
such as zero-day exploits and such.
From what I've been reading, RHEL releases critical patches much quicker
than CentOS which makes sense since CentOS is simply a copy and when
changes occur they propagate down to the RHEL clones.  My question is what
kind of time frame are we looking at when a vulnerability (critical or
high) is announced and a patch has been released for RHEL does it get
implemented into CentOS?

Thanks!
Chris
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Trying to justify CentOS vs. RHEL

2013-05-07 Thread Yves Bellefeuille
On Tuesday 07 May 2013, Bidwell, Christopher cbidw...@usgs.gov wrote:

> My question is what kind of time frame are we looking at when a
> vulnerability (critical or high) is announced and a patch has been
> released for RHEL does it get implemented into CentOS?

From the FAQ, http://wiki.centos.org/FAQ/General:

> 2. How long after Red Hat publishes a fix does it take for CentOS to
> publish a fix?
>
> Our goal is to have individual RPM packages available on the mirrors
> within 72 hours of their release, and normally they are available
> within 24 hours. Occasionally packages are delayed for various
> reasons. On rare occasions packages may be built and pushed to the
> mirrors but not available via yum. (This is because yum-arch has not
> been run on the master mirror. This may happen when issues with
> upstream packages are discovered shortly after their release, and if
> releasing the package would break its functionality.)

-- 
Yves Bellefeuille y...@storm.ca
Mekaro en Otavo, Kanado, 18-20 majo 2013: http://mekaro.ca/



Re: [CentOS] Trying to justify CentOS vs. RHEL

2013-05-07 Thread Bidwell, Christopher
Thanks for that quick response!  I guess I should have looked closer
through the wiki.  Much appreciated!


-- 

Chris Bidwell, CEH, CPT, RHCSA
Red Hat Linux Administrator
National Earthquake Information Center
US Geological Survey
email: cbidw...@usgs.gov
work: 303-273-8642
mobile: 303-435-6362


Re: [CentOS] Trying to justify CentOS vs. RHEL

2013-05-07 Thread m . roth
Bidwell, Christopher wrote:
> Thanks for that quick response!  I guess I should have looked closer
> through the wiki.  Much appreciated!

Please don't top post.

One suggestion: if you have a number of systems, buy at least one RHEL
license - that way, you can ask for enhancements, bugfixes, and such from
them.

That's how we got US gov't PIV card support from them. Most of our systems
are CentOS, though.

   mark



Re: [CentOS] Trying to justify CentOS vs. RHEL

2013-05-07 Thread Jason Pyeron
> -----Original Message-----
> From: Bidwell, Christopher
> Sent: Tuesday, May 07, 2013 17:12
>
> Hi all,
>
> I'm in the process of moving all of my RHEL systems over to

Why all? Let's keep that question in the back of our minds.

> CentOS but the argument that fires back at me is for critical
> vulnerabilities for items such as zero-day exploits and such.
> From what I've been reading, RHEL releases critical patches much
> quicker

If zero day patches are important to maintain your accreditation on your systems
then you need to have a support plan. That plan can either be a commercial
services provider, vendor support contract (RHEL), or an in house team to
support the system.

Using a service provider other than RedHat is kind of silly since purchasing
from RedHat supports CentOS.

Staying with RHEL is a non-change.

Having an in house support team will be much more expensive as you will have to
have staff for each of the packages on the system.

> than CentOS which makes sense since CentOS is simply a copy
> and when changes occur they propagate down to the RHEL
> clones.  My question is what kind of time frame are we
> looking at when a vulnerability (critical or
> high) is announced and a patch has been released for RHEL
> does it get implemented into CentOS?

It has always been fast enough for us, but if it were not, we would help by
providing patches to the SRPM to the CentOS development team.

For official specifics, contact me off list.

--
Jason Pyeron, Principal Consultant
PD Inc. http://www.pdinc.us
10 West 24th Street #100, Baltimore, Maryland 21218
+1 (443) 269-1555 x333
This message is copyright PD Inc, subject to license 20080407P00.

 