by vbezhenar 1970 days ago
1. SELinux. It's configured for all packages in the RHEL distribution and it works. It's an additional layer of defense and I think that's the most important denominator from other Linux distributions. I saw recent Ubuntu distributions shipped with AppArmor, but I'm not sure that it's as good.

2. First-class support for systemd. Well, I'm not sure that's a fair point. But with Debian I'm always seeing some messages about sysv scripts, even when I'm using systemctl. It feels like some scripts were not fully ported to systemd or something like that. Some people don't like systemd, but I, personally, think that it's a good solution. AFAIK systemd development is sponsored by Red Hat and its support is very good, all services are shipped with proper systemd units.

3. First-class support for NetworkManager, Firewalld. I think that those packages are available for Debian, but it's nice to have them installed and configured from the start, they're very convenient to use.

4. Documentation. Most of that documentation is hidden behind a login wall, but http://access.redhat.com/ contains plenty of information.

There are some drawbacks of RHEL. The major one for me is limited software selection. You need to enable EPEL even for some basic software like Strongswan, Certbot or OpenDKIM. And EPEL is not RHEL (although it's quite good).

2 comments

I second all of that.

For anyone who might be interested in the Fedora family, namely the systemd, SELinux, and firewalld bits, I am writing a book now about deploying with Fedora and CentOS Stream[0] and I am almost finished. With this announcement I might add RHEL support directly - the difference is just in running a subscription manager.

Also, if you are using Vagrant, you can use RHEL with a vagrant-registration plugin that automatically subscribes you (disclaimer: I made the plugin when working for Red Hat and packaging Vagrant for Fedora).

[0] https://deploymentfromscratch.com/

I've gone back and forth on SELinux (and a bunch of other in-house stuff that RHEL makes). Yes, it has improved over the years, but it still breaks a lot. The thing with RHEL is that you really need to be paying for the support to get any value out of it. With CentOS or this beggar subscription level, you are better off using Debian or Ubuntu, because when shit breaks, all you'll do is create a bug report in any OS. With Debian or Ubuntu, you have a slightly better chance at recovery. RHEL has a strict demarcation between support levels, features, release timelines, etc. So if you report a bug to RHEL, they may not backport the fix even if it is fixed upstream. And then you are just stuck.

> RHEL has a strict demarcation between support levels, features, release timelines, etc. So if you report a bug to RHEL, they may not backport the fix even if it is fixed upstream. And then you are just stuck.

This is changing with CentOS Stream. Bugs can be filed against CentOS Stream in the Red Hat Bugzilla and they will do something with that bug report. Additionally, if you know what to backport to fix it, you can submit pull requests on any package in CentOS Stream to have it reviewed and merged to fix your issue. The fix would then be built and released within days of merging your fix.

From my perspective, that's pretty golden for an Enterprise Linux platform. The only other that's like that is openSUSE Leap/SUSE Linux Enterprise.

Stream is a bit closer than Fedora, but the larger point of needing paid support remains. The slow cadence of RHEL means that unless you are paying for support, things get kind of frozen around the .5 release. After that, they just won't backport fixes, not even regressions, unless a) You are paying, b) It's really a critical security bug. I don't think that will change with Stream.

To summarize, the RHEL model of releasing an OS every 5 years with these staggered upstreams is really not that great. It creates immense inertia and pain down the road. Red Hat itself hasn't been able to port its own offerings like Satellite to RHEL 8. I would rather have the Ubuntu cadence of LTS releases every 2 years so that you are at most 2 years away from any fixes you need.

RHEL major releases are every 3 years now.

Matthew Miller (@mattdm) tweeted out the "Fedora->RHEL formula": https://twitter.com/mattdm/status/1349037318200561665