> But are they maintained well?

Alma has a few affordances as it's no longer RHEL source compatible, which means it could ship privilege escalation fixes with new kernel updates faster.

Rocky responded with an extra, optional to enable, security repo to provide mitigations to the exploits while waiting for RHEL to downstream.

Look pretty well maintained to me. If only judging by recent events.

Rocky's docs are also really nice. They aren't as thorough as RedHat's, but they're much more readable and concise, and tend to be written for a less enterprise-y audience.

Don't even remind me about the RedHat docs, lol. Their solutions pages used to be readable with an account, now I think you need a subscription too.

The manuals are indeed good, though for more esoteric issues I land too often on a gated answer page.

Content-wise the RedHat docs are great, but navigating the docs has a weird feeling that is hard to describe. Everything is black and white; the page has low information density, perhaps because of the line spacing or paragraph spacing; the typesetting of command line and configuration examples is not clearly separated from the surrounding text; the mouse cannot select the text of the command line examples; the page top is distracting because it keeps showing and disappearing as the mouse scrolls up and down. Somehow the left navigation pane is also difficult to follow, and it is easy to get lost when trying to find a section.

You can use the free developer subscription for documentation even if you don't plan to use your 16 RHEL licenses.

Thanks!

I don't care much about being fully RHEL compatible, or no ABI changes at all. I just want a system that gets security fixes quickly with as little chance of breaking things as possible.

How about a lightweight immutable distro, like say Fedora CoreOS or openSUSE MicroOS?

Fedora CoreOS in particular has had a good track record delivering patches quickly. Like for CopyFail, it was pushed to the stable channel in about a day, IIRC, but the patch was already available within a few hours of disclosure in the "next" / testing channel.

Talos and Flatcar are also worth considering if you want an even smaller attack surface; from what I heard, they weren't even affected by CopyFail.

Fedora is a staging environment for RHEL

This oversimplifies reality. Fedora has a community and actively makes decisions RHEL has no interest in. But yes they also help with testing many things.

Been there, done that. Fewer changes are just better.