
sullivanmatt | 2 years ago

I'm not even a user of RHEL, but the difference is: security patches. Enterprise uses RHEL because they fix or triage nearly every vuln, every time. If you work for a company with extremely stringent security requirements, or sell to government entities, RHEL and its derivatives (CentOS/Amazon Linux 2, etc.) are basically the only way you can clear their requirements.

Debian (and by extension, Ubuntu) chooses to not fix a significant number of security issues. This makes sense given their business models, but is an unworkable position for a huge number of enterprises that depend on Linux. Example: https://ubuntu.com/security/CVE-2021-45464

Yeroc|2 years ago

That, and if you need to run some COTS (commercial off-the-shelf) software package, chances are the vendor will only support it on RHEL (or CentOS). However, many of these vendors also support Ubuntu LTS or SUSE Enterprise now, so there are (usually) a couple of Linux-based alternatives.

cyberpunk|2 years ago

I work for an EU government with extremely high security requirements (in the national identity / IDP / health space).

We actually _CANNOT_ use Red Hat for compliance reasons.

(We're using Ubuntu LTS as it goes)

jtolds|2 years ago

Why? What compliance reasons make Ubuntu LTS work and RHEL not work?

fariszr|2 years ago

What about SUSE/OpenSUSE? Surely that would've gotten the green light?