How to secure channels created with spacewalk-create-channel?

ujjain asked:

Does spacewalk-create-channel (RHN Satellite) create channels without security updates?

spacewalk-create-channel --user=username --password=password -v 5 -r Server -u U7 -a i386 --destChannel=rhel-i386-server-5.7 .N "rhel-i386-server-5.7"

Release date of RHEL 5.7:

  • RHEL 5.7, also termed Update 7, 2011-07-21 (kernel 2.6.18-274)

Does that mean a created channels with the spacewalk-create-channel methods don’t have package updates since the RHEL 5.7 release (2011-07-21)?

How to secure a RHEL 5.7 i386 channel created with spacewalk-create-channel without updating to RHEL 5.9-latest?

My answer:

If you want security updates, you must do either one of two things:

  • Always update to the latest service pack, currently 5.9.

    RHEL subscriptions normally receive security and bug fix updates against the latest minor release only. However, Red Hat does offer backporting:

  • Purchase Extended Update Support for the specific minor release you want to remain on.

    Red Hat offers the Extended Update Support (EUS) Add-On to a Red Hat Enterprise Linux subscription for those customers who wish to standardize on a specific minor release for an extended period of time. The EUS Add-On allows customers the flexibility to decide when to take advantage of new Red Hat Enterprise Linux features, including new hardware enablement.

    Under a Red Hat Enterprise Linux subscription, all available RHSAs and RHBAs are provided for the current active minor release until the availability of the next minor release. By contrast, EUS delivers—for a specific minor release—an independent, extended stream of those Critical Impact RHSAs and selected Urgent Priority RHBAs that are available after that specific minor release and in parallel to subsequent minor releases. For EUS subscribers, Red Hat generally will continue to proactively provide Critical Impact RHSAs independent of customer requests if and when available.

    Note that some minor releases prior to 6.0 do not have Extended Update Support available (and 5.7 is one of these).

See Red Hat Enterprise Linux Lifecycle for more information.

You should also spend about an hour yelling at the idiot vendor who says you have to remain on 5.7.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.