Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2138359

Summary: [RFE] - The Red Hat OpenStack operating system is frozen at RHEL 8.4 (EUS ends on May 31, 2024).
Product: Red Hat OpenStack
Reporter: Riccardo Bruzzone <rbruzzon>
Component: openstack-tripleo
Assignee: OSP Team <rhos-maint>
Status: CLOSED WONTFIX
QA Contact: Joe H. Rahme <jhakimra>
Severity: high
Priority: high
Version: 16.2 (Train)
CC: mburns, pweeks
Keywords: FutureFeature
Hardware: x86_64
OS: Linux
Doc Type: If docs needed, set a value
Last Closed: 2024-12-12 16:03:04 UTC
Type: Bug

Description Riccardo Bruzzone 2022-10-28 10:13:20 UTC
Customer is asking for the possibility to update all OpenStack components (Director, Controller and Compute nodes) to a more recent minor OS (e.g.: RHEL 8.6).

This requirement is pushed by the internal BDI Security team:
SW (OS included) should always be updated to the latest version released, to also include the latest versions of the packages delivered and not only some patches at the discretion of the supplier.
As a last point, in the EUS statement there is a discretionary option:

# Under a Red Hat Enterprise Linux subscription, all available RHSAs and RHBAs 
# are provided for the current active minor release until the availability of the next 
# minor release. By contrast, EUS —for a specific minor release—an independent, 
# extended stream of those Red Hat defined Critical and Important impact RHSAs 
# and selected (at Red Hat discretion) Urgent Priority RHBAs that are available 
# after that specific minor release and in parallel to subsequent minor releases. 

This approach could lead to several vulnerabilities (medium / low) not being covered.
As the number of vulnerabilities not covered increases, the total risk of the platform also increases.