How does Fedora’s security patch lag compare to CentOS? The CentOS website states that security patches from RHEL take 24-72 hours to land in CentOS. But CentOS is a downstream, non-profit clone of RHEL.
Fedora is technically upstream from RHEL, but RHEL isn’t exactly downstream from Fedora:
- Red Hat removes and modifies a lot of software from the Fedora release before it becomes a RHEL release.
- RHEL freezes the kernel and most software versions, backporting fixes for 10 years. Whereas Fedora releases are EoL after 13 months.
- RHEL obfuscates patches to frustrate clones like Oracle and SUSE.
Does Fedora wait for opaque security errata from RHEL releases like CentOS, or is there a more cooperative relationship?