I was quite surprised to see Oracle has a new page up, encouraging people to switch from CentOS to Oracle Linux.

For those that aren’t aware, CentOS is a completely free re-build of Red Hat Enterprise Linux. It’s a distribution our customers use a lot, both with our own CentOS 6 AMIs and on bare metal.

On the face of it the Oracle switch from CentOS page seems pretty benign - re-assurance that it’s really free, even some self-deprecating humour about Oracle.

Then I saw the graph, which purports to show how much quicker Oracle security updates are released than CentOS.

The graph data has been carefully selected, ignoring the CentOS continuous updates repository, and selecting a period when mainline updates were slow due to the new way in which Red Hat kernel updates are released.

Red Hat Bug ID	Red Hat Fix released	CentOS Fix released	Oracle Fix released	Difference (days)
2012-0743	18-Jun-2012	19-Jun-2012	21-Jun-2012	2
2012-0571	15-May-2012	16-May-2012	21-May-2012	5
2012-0481	17-Apr-2012	17-Apr-2012	23-Apr-2012	6
2012-0350	6-Mar-2012	7-Mar-2012	12-Mar-2012	5
2012-0124	13-Feb-2012	14-Feb-2012	14-Feb-2012	0
2012-0052	23-Jan-2012	24-Jan-2012	25-Jan-2012	1

In fact, if we look at kernel security updates this year (shown above), we will see that every single CentOS kernel update has been released at the same time or before the corresponding Oracle Linux kernel update.

As such, we’ll be contunuing to recommend CentOS Linux to those who want a free (in both meanings of the word) Linux distribution.

And of course, there’s the fact that the original article completely fails to mention - if you want the security updates first, the only way to get them is by paying Red Hat for support, not Oracle.