Richard W.M. Jones wrote:
I didn't say RHEL completely ignores them. They are not fixed
asynchronously but we do fix them in the next regular minor release.
Sometimes. Not always though.
I have seen more than one security issue that we fixed very quickly in
Fedora, but that was marked WONTFIX for RHEL with the comment (always worded
the exact same way) that it would likely be addressed only in the next major
version of RHEL (well, of course it will, because we fixed it in Rawhide)
and not in the existing major versions (not even in the next minor version).
The fact that there is such a form letter comment shows that this is not an
exceptional case either.