Linux distro supported timeframes
Kudos to Red Hat for publishing a list of end-of-life dates; For systems administrators, knowing in advance when the security updates for a distro are going to stop is extremely useful information. To the best of my knowledge other distros like Mandrake and Debian don't do this, and IMHO it would be helpful if they did.
Having said that, one year is definitely too short; That's enough time to deploy a server system, slowly become satisfied that it's going to work OK (and document/fix/workaround whatever errors/bugs/foibles exist). At that point the ideal is to be able to leave it and only update as and when security issues dictate; Under the Red Hat timeline though, you have to upgrade to the latest and greatest to still get updates, just when the old setup had proved its stability.
Of course supporting older versions cost money and there has to be a limit to how long something (especially a cheap/free something) is supported for. One year just simply isn't long enough though to make deploying a production server running Red Hat's standard distro a sensible proposition for the person who has to test/update/maintain it, so it seems pragmatic to look elsewhere when selecting distro for this kind of configuration. (Of course Red Hat's advanced server is supported for longer, but it's significantly more expensive at US$799.00 to US$2499.00 per year, according to their web site.)
Red Hat will no longer make a commercial low-end distro - will be an open process, with releases planned every 4 to 6 months.
Security fixes will not be backported to older releases.
Conclusion: Red Hat (free version) is not suitable for servers, and their enterprise products are simply too expensive for small businesses to deploy on servers. Therefore, another distribution should be used: Debian stable looks absolutely ideal.