Red Hat has published a bulletin saying that no product builds contain compromised package versions. https://access.redhat.com/secu...

Which distributions aren't vulnerable? What have you been smoking!?!

Which open source code has been discontinued?

Fedora is a community project, funded by Red Hat. I don't think IBM would be spending time having any input there.

Check the stock price.

Which parts of either distribution aren't open source?

What do you mean?

You should see red hat's quarter on quarter growth. Oh, and just create a redhat.com login, it's free and gives you access to all their docs. Or don't.

Only part of rhel is covered by gplv2, so in the scenario you suggest red hat would only have to publish the sources for the gplv2/3/4 bits, and not the whole distribution.

That policy didn't change either. It had been in their licence agreement on their Web site since long before any of this. I also have been told it has never been enforced.

I don't see any links to any credible sources for that info.

This was an embargoed CVE. Red Hat was working on it before either Rocky or Alma knew about it. The fix hasn't been published by RH because of the level of testing it requires, and the risk associated with screwing up the fix. Alma and Rocky have nothing like such commercial obligations to their users.

I've never heard of this. The closest to anything relevant is their participation in OpenELA, which so far seems to have done nothing.

I'm not an IBM employee, but I am downvoting you for being completely disconnected from reality

Never let the truth get in the way of morons making up some ridiculous fictional narrative about evil old IBM closing sources and being jerks.