Dana Blankenhorn asked this interesting question "how does an ordinary open source user manage patches" without paying expensive subscription fees. But before I answer his question, I want to know how many "ordinary" open source operating system users are there? Most Linux users still have to be computer savvy in the first place because the mere thought of compiling source code is terrifying for the average Joe. Fortunately, the GUI and patch management systems in most Linux distributions have gotten much easier but not easy enough to draw in the masses yet.
Red Hat does a pretty good job with their automated patching system that patches everything from Firefox to the OS kernel (with a reboot), but their annual Enterprise support fees make the cost of buying a copy of Windows look cheap. I've owned my copy of Windows XP for 4 years and it will probably be 5 before I update to Vista, and I just can't see myself paying the price of Windows XP for a one-year subscription to Red Hat Enterprise Workstation basic edition. Aside from the high annual costs, I haven't seen anything on the Linux front that matches Microsoft's free WSUS yet, which provides a centralized enterprise patch management solution.
Fortunately (or unfortunately if you're Red Hat) there is a nearly free solution from CentOS that is an exact clone of Red Hat Enterprise Linux, so long as you don't mind being one day behind Red Hat patches. CentOS is compiled directly from Red Hat GPL source code, and the only thing different about CentOS is that every occurrence of the trademarked word "Red Hat" has been replaced with the word "CentOS". This probably sounds a bit underhanded of CentOS to take the hard work of Red Hat and just give it away for free along with the ongoing maintenance patches, but this is the double-edged sword in the GPL. If Red Hat benefits from the GPL, then the community gets to benefit from Red Hat. From a business standpoint, it's unclear how you're supposed to make money from software other than charging high prices for consulting and support contracts, but this only works so long as someone else doesn't undercut your support contract prices.