Security patches release done when compared to RHEL updates

Hi There,

I am new to Rocky Linux. Could you please let me know how fast security patches will be released when compared to RHEL updates? I am looking for timelines.

This information can be found at our wiki in our Version Policy section.

Hi,

Thank you, and I have some further questions.

  1. Is there commercial support for production and non-production systems from the Rocky Linux community?
  2. Also, how are the JDK and Tomcat versions mapped? Does that follow the RHEL mapping?

Regards
Yasmin

Only community support is available from the project. If you need commercial support, there are third party vendors you can reach out to.

Whatever is available in RHEL will be in Rocky Linux as we strive to be as close as possible, which does include the versions of our packages.

I tried to reach a few third-party companies but got no reply from them.

If you want paid support, you could just use RHEL, but what kind of support do you expect to get?

Production support for OS and Security patches.

Can you provide the closeness of security updates to RHEL? For example, Alma provides Critical and High-risk vulnerabilities (CVSS 7+) within 14 days.

As explained in an earlier reply, whatever is in RHEL will be in Rocky Linux as we strive to be as close as possible. AlmaLinux may also end up being close too but may have more, as they have different policies and methodologies to how they maintain their distribution.

Please read our wiki, which explains that we have updates between 24 and 48 hours as they are released by our upstream.

Rocky has a community. The community is the users. Peers, who help each other. You (and I) are part of the community. You help others as much as you can. That is the “support by community”.


Red Hat releases a patch for RHEL. Rocky maintainers find source code for the patch and build it for Rocky. You paid nothing for Rocky, except the time it takes for the patch to be released for Rocky.

If some third party offers packages for Rocky that replace what is in Rocky, then that (paid support) renders the system not-quite-Rocky. That can be a fair trade for some cases.


AlmaLinux chose to not be as similar to RHEL as Rocky is. Still very close. Nevertheless, they have more need to tell about things “not in RHEL” than Rocky.

Are these security updates or general updates which are released within 24 hours or 48 hours?

Yes.

Red Hat releases a larger set of updates, including features and fixes, every six months. These large sets are “point updates”. The latest was in May, the “9.4”. Then they start to develop the next point update.

At the same time they do make and release security and bug fixes for the released point update. It is these patches that Rocky tries to rebuild within 1-2 days of corresponding errata for RHEL.


We (users) do not cherry-pick packages. We run dnf up regularly to get all the available updates into our systems. In CentOS Linux, the predecessor of Rocky, there were never any packages tagged with “this contains security fix” or “this is not security”.

Hi all,

Thanks for the answers provided so far. I have a fair idea of Rocky now. But I do really want to understand the following when compared to RHEL:

  1. Volume of Rocky deployment base in terms of popularity?
  2. Timeline for security updates?
  3. Delay in routine bug and functional fixes?
  4. Delay in OS release?
  5. Is there any reference to mission critical?

This number cannot be fully tracked as it does not account for usage in closed networks and hits on our CDN or our mirror manager cannot be taken as gospel.
