I’m pretty sure the Red Hat model is to profit off the community efforts while creating convoluted complications in the name of security so they can send their high paid consultants to your business and get paid even more.
Was it professional when they let SSH vulnerabilities exist in RHEL7, forcing perfectly usable machines to upgrade to 8 for remediation?
Don’t get me wrong, they’re the new “nobody got fired for” company (technically still the same). That doesn’t imply Debian and Ubuntu are less secure except in name. Go to Google cloud and see what CIS hardened images exist.
Your perspective is an oversimplification if not completely wrong.