I don't know what you mean by 'commercial OS'. Let me rewind a little and make sure I'm completely clear in the point I was trying to make. I blame the horrid hotel room I'm in right now for any confusion.
I mostly work in the government space these days. Certifications like Common Criteria, FIPS, FISMA, et al include not only the bits but the build environments/processes/etc. as well. They are time-consuming, expensive and the RHEL certifications for these standards don't apply to SL/CentOS/OEL/foo.

You CAN be PCI-compliant with most any Linux distribution if you work hard enough. However, if you find yourself in a PCI violation situation due to the bits (not human error, of course), community-based distributions can provide support through their normal means. Where Red Hat differs with PCI is that they are also legally on the hook in that situation because of the T&C's that customers accept at the beginning. It's a two-way street. In those situations, having a vendor that is legally liable to assist and provide remediation is, IMHO, a good thing.

Hope that helps.

On Wed, Apr 9, 2014 at 1:17 AM, Eero Volotinen <[email protected]> wrote:

>> Is SL not PCI compliant because it is not a commercial
>> effort? I thought SL got all the patches the RHEL
>> got? Please elucidate.
>
> There is no PCI requirement(s) to use commercial OS. Please read the
> requirements instead of FUD!
>
> --
> Eero

--
Thanks,
Jamie Duncan
@jamieeduncan
