Charlie,
Redhat has announced that versions of RH up to 8 have and end of life date of 12/31/03 and RH 9 is 4/30/04.
What this means is that RH will no longer take security problems (in any package or application within RH), find a solution or utilize an existing fix and then put out some sort update or upgrade. RH, up to this point, has done this in a manner that was easy and readily available.
Redhat knew exactly how their packages and applications are changed, re-written, compiled, etc. When a problem arose, RH knew exactly how to tackle the problem and come up with the proper solution.
One answer for the future is that the community will address a problem, find an answer and then release some sort of "fix".
Will a fix assembled by the community really fix the "problem" on a RH system? Who knows, some RH fixes have had to be modified to be applied to SME.
Will there be multiple fixes?
Will Fedora continue to try to release security and bug fixes for older RH versions?
Way too many questions and absolutly no answers.
You can't continue to market one of the most simple, stable and secure system and still base it on a distro that will become more complicated, unstable and insecure. IT JUST MAKE NO SENSE!
As for Fedora. I admire the spirit in those with the desire to continue developing a RH offspring and bring it into it's next generation. This distro will be cutting edge and no doubt full of problems. Fedora will not mantain updates for legacy products like RH always has (up until now anyway). Check out their "Legacy Policy"
Quote from Fedora:
Fedora Legacy
"Fedora Legacy" refers to package fixes submitted for old versions of core packages or old releases (releases that have been superceded by a newer release more than 2-3 months before) of Fedora Core by people on an adhoc basis.
Packages in Fedora Legacy are controlled by their respective package maintainers and are subject to the acceptable use policies of the project. Packages in Fedora Legacy can be maintained by anyone who agrees to the project's policies and procedures. The steering committee can be asked to provide guidance, but has no power to remove legacy packages or material within legacy packages. However, legal issues or not following project guidelines may cause packages to lose their "Fedora Legacy" status.
Packages in Fedora Legacy must be built entirely from software meeting the open source guidelines and must be signed with the package's key rather than the Fedora key. RHN will not carry Fedora Legacy content.
Red Hat will provide CVS repositories, ftp and minimal web services, and possibly other facilities needed by the Fedora Legacy packages.
End Quote.
As I read this, Fedora will mantain updates and fixes for maybe 6 months. Fedora will become a great resource for new technology but should not be used to build a distro like SME on.
I ramble too much!!
Paul