Oracle’s patch issuance policy: bad

All right, I’ve had it. I am tired of waiting for “real” media to pick up on this story.
Oracle won’t give its customers security patches unless they buy a support agreement. This is flat-out wrong. It holds customers hostage in a particular nasty and egregious way: if you don’t buy support, you can’t get the patches you need to protect against vulnerabilities in products you’ve bought and paid for even if they’re still current.
If Microsoft did this, they’d be (rightly) pilloried. As it is, you can get any security patch for any supported product for free, either as part of a service pack or by directly calling Microsoft PSS. Microsoft has even extended the end-of-support date for Windows 98 and Windows NT so that customers can continue to get support (and patches) for them.
Of course, very few large Oracle customers run in production without support, as you would expect from such a large, complex group of products. Perhaps their customers don’t care that they can’t get patches without support because they all have it. I still think it’s wrong.
(n.b. I don’t know what IBM and Novell do in this scenario, but I aim to find out. Stay tuned.)