Bug 2138359

Summary: [RFE] - The Red Hat OpenStack operating system is frozen at RHEL 8.4 (EUS ends on May 31, 2024).
Product: Red Hat OpenStack
Reporter: Riccardo Bruzzone <rbruzzon>
Component: openstack-tripleo
Assignee: James Slagle <jslagle>
Status: NEW ---
QA Contact: Joe H. Rahme <jhakimra>
Severity: high
Docs Contact:
Priority: high
Version: 16.2 (Train)
CC: mburns
Target Milestone: ---
Keywords: FutureFeature
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Riccardo Bruzzone 2022-10-28 10:13:20 UTC
Customer is asking for the possibility to update all OpenStack components (Director, Controller and Compute nodes) to a more recent minor OS (e.g.: RHEL 8.6).

This requirement is pushed by the internal BDI Security team:
SW (OS included) should always be updated to the latest version released, to also include the latest versions of the packages delivered and not only some patches at the discretion of the supplier.
As a last point, in the EUS statement there is a discretionary option:

# Under a Red Hat Enterprise Linux subscription, all available RHSAs and RHBAs 
# are provided for the current active minor release until the availability of the next 
# minor release. By contrast, EUS —for a specific minor release—an independent, 
# extended stream of those Red Hat defined Critical and Important impact RHSAs 
# and selected (at Red Hat discretion) Urgent Priority RHBAs that are available 
# after that specific minor release and in parallel to subsequent minor releases. 

This approach could lead to several vulnerabilities (medium / low) not being covered.
As the number of vulnerabilities not covered increases, the total risk of the platform also increases.