In my opinion, CentOS 6.0 without custom updates should not be used in any kind of live environment at the moment.
I couldn't agree more. A number of the vulnerabilities (both server and desktop based) have easy to find exploits available on the web.
This very serious problem isn't mentioned anywhere on the web site. In fact, the front page states opposite:"Since upstream has a 6.1 version already released, we will be using a Continous Release repository for 6.0 to bring all 6.1 and post 6.1 security updates to all 6.0 users, till such time as CentOS-6.1 is released itself."
"CentOS has numerous advantages over some of the other clone projects including: ... quickly rebuilt, tested, and QA'ed errata packages"
For a distro which prides Enterprise in it's title, this is extremely irresponsible. I still don't understand why the CentOS devs don't seriously accept offers of assistance, or behave in a more transparent manner. It seems like they are more interested in an ego trip than a reputable, secure product.