Still MIA? When did it go missing?

Too bad about CentOS, I guess its contributors are busy doing other things.

This doesn't appear to be Red Hat's fault at all: Scientific managed to push out Scientific 6 stable just fine. Maybe the CentOS guys are still upset about the way that Red Hat distributes kernel sources in RHEL6.

What's really bad about CentOS is that they don't want the community to contribute to CentOS at all.

There was a quote from one of the developers that they don't even want to tell people how they put the distro together, because why should they tell you how to put together a competing product?

Wow, those are some pretty damning quotes.

Maybe it's time I start looking into Scientific Linux for our servers. If it's still RHEL/EPEL compatible, it's probably a safer bet all around.

That or switch back to Debian.

I could give a shit less about the arrogance that comes from re-building SRPMs, what I care about is the three months without security updates.

There is nothing enterprise quality in that.

The first quote sounds reasonable: That is, in fact, not their purpose.

The second is a bit radical, though, and I'm not sure if he meant to say what he said. If he did, then I am at a loss for words.

Am a CentOS user and just upgraded to 5.6 today without any problems. The devs decision to do 5.6 first is because thats what is currently in production and so it is more critical to the installed base than a new version which has to undergo testing before being used in production, I don't remember seeing an objection to this on the list as users agreed with this point of view. Your story fails to mention that even Scientific do not have SL 5.6 out.
As for the comments I would not bother with those since on the CentOS site they have enough information to get you started contributing towards the project if you want to and I have seen people being given this kind of info on the list, but the main reason for that comment is that the devs and other users too were getting tired of people just keeping asking when the release was going to be over and over again.
On security updates all security updates to 5.5 were still coming through only those relating to 5.6 were not being delivered since 5.6 was not out yet.

No, CentOS and Scientific Linux couldn't care less about that change. They're just rebuilding the package *as it is*, they don't care if they're rebuilding the kernel + a patchset or a kernel which already includes the patchset. If anything, it makes their job a tiny bit easier.

The change will only potentially annoy Oracle, since Oracle now doesn't have a clean list of the changes that has been made compared to an upstream kernel from kernel.org - they need to figure it out themselves. I assume this will give them some headache when they try to make their own "improved" kernel compatible with the rest of the RHEL userspace applications.

You were not receiving security updates, chief. They back ported what were reported as remotely vulnerable leaving all "local vulnerabilities" un-patched. Keep in mind that if someone has shelled in to your machine without your knowledge all of those local vulnerabilities are now remote vulnerabilities.

It's a nice shell game, but CentOS is a joke on security.