Good day SL people, In 2009 I was surprised to learn from this useful+informative SL-User's list, that CentOS does not always release security updates in a timely manner: http://listserv.fnal.gov/scripts/wa.exe?A2=ind0908&L=scientific-linux-users&D=0&T=0&P=4484 "It has come to light that the maintainers don't/can't release interim security updates while they are rebuilding a new dot release from upstream" http://listserv.fnal.gov/scripts/wa.exe?A2=ind0908&L=SCIENTIFIC-LINUX-USERS&P=R7106&I=-3 "For example, once Redhat releases a point release, an attacker knows that any subsequent errata can be used against a CentOS box at least until the CentOS project releases the corresponding point release. It is quite literally a sitting duck." http://listserv.fnal.gov/scripts/wa.exe?A2=ind0908&L=scientific-linux-users&D=0&T=0&P=4999 "(About CentOS & why user is switching from CentOS to SL:) So there is a potential delay of weeks and months before security updates are passed on whilst a distribution is being rebuilt, as they currently don't start rebuilding the dependencies of an errata updated package, unless it is part of the release. I am quite happy to wait a few days for a security updates, but I do take issue to an unknown exposure where security updates are delayed for an unspecified length of time." Question: that was in 2009. Does anyone know, is the above still true of CentOS? (Apols - I don't wish to join CentOS list just to find that out & am unable to find out via some searching) (We are debating building some new servers as SL vs CentOS, & timely security updates are relevant to us) Many thanks for pointers/enlightenment.