by galangalalgol 1084 days ago
That is amazing, especially as RHEL has a critical CVE sitting there for months that will never be backported to 8, while plenty of enterprises are sitting on 7.9 still.

The auditors being happy is important, but part of what people pay for with RHEL is liability, and I can't imagine you get that with third party support.

3 comments

The product was called "expanded support" before. It was used to buy companies out of their RHEL contract before the renewal date, and ship SLES for new deployments. Nothing new.
Ahh yes, there was that kind of thing as well. SUSE provided us with ways of replacing all packages on a RHEL running system with SUSE augmented CentOS packages. It was often used by people who wanted a cheaper alternative to RHEL, but still wanted CentOS for their random 3rd party apps.
Curious, what CVE is this? I thought that even CentOS 7.x was still under support, so not patching vulnerabilities sounds like a great way to lose even more (would-be) customers.
It looks like they finished fixing it last week and it looks like it was only a high. When I first ran into it in audit reports Python said it wasn't a defect in Python, just how it was used, but they would change it in 3.11.4 but no official backports. The Bugzilla issue for 7 and 8 said they couldn't fix it without breaking things, so they wouldn't. It seems they found a way. https://access.redhat.com/security/cve/cve-2023-24329
Citation? As Criticals are -definitely- still in el7 lifecycle support.
Repeating from sibling post to make sure I'm not leaving any misinformation spread.

It looks like they finished fixing it last week and it looks like it was only a high. When I first ran into it in audit reports Python said it wasn't a defect in Python, just how it was used, but they would change it in 3.11.4 but no official backports. The Bugzilla issue for 7 and 8 said they couldn't fix it without breaking things, so they wouldn't. It seems they found a way. https://access.redhat.com/security/cve/cve-2023-24329