CNET News Article

[William Hooper]

Jeff Lasman said:
[snip]
> What we need is continued vulnerability-patching for core releases for a
> long time.

Then you need either a) a team of coders to backport security fixes to the
versions of the software you want to use or b) buy RHEL and rent Red Hat's
team of coders to backport security fixes.

> While that might seem to make us primary candidates for the
> RHEL versions, with cabinets with 50 servers apiece and annual
> subscription charges that model will never work for us.

Have you bothered to talk to RH sales at all?  IIRC there was someone that
posted about a quote for their .edu that ended up being ~$50/seat for 100
seats.  That is less than the subscription to RHN.

> So far I've seen nothing on continued vulnerability-patching for RHL
> 7.3, or for RH9.  If there is any, it appears to be well-hidden, and if
> you know of any, please tell me.

Redhat's EOL for their releases have been posted for a while:
http://www.redhat.com/apps/support/errata/

Fedora Core will come with no SLA at all.  As others have pointed out
there is a "Fedora-Legacy" movement out to do some back porting of fixes
and such after RH's EOL.  If you go with option a) above then you have the
resources to contribute to this if you wish.

-- 
William Hooper