When choosing a Linux distro for a production server, there are many things to consider. One of the more important ones is the length of time the version will be supported with timely updates.
My personal preference is to choose about a 3-4 year life cycle for a server distro. To me, it makes sense to downgrade a server hardware unit from mission critical to non-mission critical after 3 years.
Disclaimer: I realize this is not an exhaustive list, but it does cover most of the major server distros.
With that in mind, here is a list with notes and links of the major distros and their respective support schedules. Read carefully, do your own research, and let the information work for you.
Have fun with Linux.
Jim
--------------------------------------------------------------
SuSE and openSuSE
Note: At the end of 2010, Novell, the owners of SuSE, was bought by another company.
http://en.wikipedia.org/wiki/SUSE_Linux_distributions
OpenSuSE currently has a new release cycle of 8 months.
openSUSE releases have a lifetime of 2 releases + 2 months overlap.
With a release cycle of 8 months this makes it 18 months.
Dear openSUSE users,
SUSE Security announces that the SUSE Security Team will stop releasing updates for
openSUSE 11.1 soon. Having provided security-relevant fixes for the last two years, we will stop
releasing updates after December 31st 2010.
As a consequence, the openSUSE 11.1 distribution directory on our server
download.opensuse.org will be removed from /distribution/11.1/ to free space on our mirror
sites. The 11.1 directory in the update tree /update/11.1 will follow, as soon as all updates have
been published.
Also the openSUSE buildservice repositories building openSUSE 11.1 will be removed.
The discontinuation of openSUSE 11.1 enables us to focus on the openSUSE distributions of a
newer release dates to ensure that our users can continuously take advantage of the quality that
they are used to with openSUSE products.
This announcement holds true for openSUSE 11.1 only. As usual, the openSUSE project will
continue to provide update packages for the following products:
* openSUSE 11.2 (supported until approximately May 12th 2011)
* openSUSE 11.3 (supported until approximately Jan 15th 2012)
* openSUSE 11.4 (currently in development, to be released in March 2011)
SLES ( SuSE Linux Enterprise Server)
SLED (SuSE Linux Enterprise Desktop)
http://support.novell.com/lifecycle/
Up to 10 years life cycle.
-----------------------------------------------------------------------------------------------
RedHat Enterprise
CentOS
Fedora
http://en.wikipedia.org/wiki/CentOS
https://access.redhat.com/support/policy/updates/errata/
http://wiki.centos.org/FAQ/General#head-fe8a0be91ee3e7dea812e8694491e1dde5b75e6d
http://fedoraproject.org/wiki/Releases/Schedule
The RHEL Life Cycle identifies the various levels of maintenance for each major release
of RHEL over a total period of up to ten years from the initial release date, which is often referred to as
the general availability (GA) date.
19. What is the support ''end of life'' for each CentOS release?
CentOS-3 updates until Oct 31, 2010 | |
CentOS-4 updates until Feb 29, 2012 | |
CentOS-5 updates until Mar 31, 2014 |
The Fedora Project releases a new version of Fedora approximately every 6 months and provides
updated packages (maintenance) to these releases for approximately 13 months. This allows users to
"skip a release" while still being able to always have a system that is still receiving updates.
-------------------------------------------------------------------------------
DEBIAN
http://en.wikipedia.org/wiki/Debian
Two(2) Year Planned Release Cycle
Security Policy:
The Debian Project, being free software, handles security policy through public disclosure rather than
through security through obscurity. Many advisories are coordinated with other free software vendors
(Debian is a member of vendor-sec) and are published the same day a vulnerability is made public.
Debian has a security audit team that reviews the archive looking for new or unfixed security bugs.
Debian also participates in security standardization efforts: the Debian security advisories are
compatible with the Common Vulnerabilities and Exposures (CVE) dictionary, and Debian is
represented in the Board of the Open Vulnerability and Assessment Language (OVAL) project.[53]
The Debian Project offers extensive documentation and tools to harden a Debian installation both
manually and automatically.[54] SELinux (Security-Enhanced Linux) packages are installed by default
though not enabled.[55] Debian provides an optional hardening wrapper but does not compile their
packages by default using gcc features such as PIE and Buffer overflow protection to harden their
software, unlike Ubuntu, Fedora and Hardened Gentoo among others.[56] These extra features greatly
increase security at the performance expense of 1% in 32 bit and 0.01% in 64 bit.[57]
Ubuntu
http://en.wikipedia.org/wiki/List_of_Ubuntu_releases
http://www.ubuntu.com/server
Up to 5 years.
--------------------------
End of this Post.
