This article is more than 1 year old
Red Hat retires mailing list, leaving Linux loyalists to read between the lines
Email is just so 20th century
Comment Red Hat has closed its security advisories mailing list. It will still share the information, just via an RSS feed, with access free for all… at least for now.
The Linux behemoth quietly announced that rhsa-announce
mailing list would shut up shop last week:
On October 10, 2023, the rhsa-announce mailing list will be disabled by Red Hat Product Security, and no additional Security Advisory notifications will be sent to this list.
We can't improve on LWN's summary, which said: "That is the list that receives security advisories for Red Hat Enterprise Linux and a whole slew of related products." A regular feature on LWN is a list of newly announced security fixes, and Red Hat's list closure has prompted considerable discussion there – which makes some interesting points.
If you're an ordinary Linux user running a mainstream distro that you update frequently and regularly – as we all should, but far too many folks don't – then these bulletins are not of much help. Distro vendors release patches and fixes as soon as they've been tested, and you will get them at your next update.
It's different if you're running internet-facing servers, though. Then you need to know about the vulnerabilities as soon as they're found – that is, before they're fixed. That means you can be ready to handle any problems: disabling non-essential features, or perhaps replacing them, or monitoring essential services that you can't turn off for intrusion attempts.
But there is another category of users who need this info: people running custom and embedded distros, which includes appliances with statically linked binaries and containers they constructed themselves. A simple update command won't help here; the binaries, containers or OS images must be reconstructed to incorporate new versions. As LWN commenter "Elv13" put it: "Machines which can do apt/dnf updates are a minuscule (and shrinking) fraction of Linux installs."
Ideally, anyone using such complex custom solutions would have some form of continuous integration/deployment pipeline in place to automate this, but we live in something very far from an ideal world, and Hanlon's Razor applies strongly here. ("Never attribute to malice that which is adequately explained by stupidity," to which we'd add incompetence as an alternative for the last word.)
Red Hat is continuing to supply the information. It remains available via RSS – the direct feed is here. For information on new bugs, you can also search Red Hat's errata database.
The main change is that direct notifications in your inbox are going away – those are now paywalled, and only paying RH customers will get alerts.
The change reminds us strongly of the GNOME Project's decision to close all its mailing lists this time last year.
We feel that this is, in general, a symptom of a larger malaise – that new folks entering the industry are unfamiliar with the way that old tech works. It is common to find software that's older than you are clunky and old-fashioned. Once those people have been around long enough to get promoted into a position of some authority, it is common to want to replace those legacy systems with something simpler and more modern. That usually just means that they didn't understand the power and capabilities of the older tool – which its simpler replacement inevitably lacks, or it wouldn't be simpler.
- Microsoft gives unexpected tutorial on how to install Linux
- Incus 0.1 is Canonical's LXD 'containervisor' with Ubuntu integration stripped out
- Apple antique aficionados can boot to the future with OpenCore Legacy Patcher
- ELKS and Fuzix: Linux – and Unix – writ very, very small
GNOME replaced its lists with glorified web forums hosted on Discourse, which look just as good – if you don't know how to use email properly. If you do, however, web forums look like a bit of a toy. Sure, web forums have inline images and other chrome, but that's totally superficial. What that misses is that email works from any server to any client, and as messages are received in the recipients' clients of choice, they can be sorted, filtered, prioritized, and so on.
No web forum can do this. Worse, the more forums you're in, the more sites you must visit every day, where you are compelled to use the umpteen different UI layouts that each systems' designers wanted, or at least were able to get working.
But, as some of the comments to our recent article on emailing like a pro showed, not only do many people not know how to use email effectively, they are proud of their ignorance, and even mock those who do know. It reminds The Reg FOSS desk of international attitudes to roads and driving.
This vulture grew up in West Africa and in the 1990s toured China. These countries have, or historically had, what we will diplomatically call robust and forthright attitudes to the rules of the road. There aren't many road markings or road signs anyway, and little testing of drivers' skills or enforcement of driver licensing. What signage exists is mostly ignored, even to the extent of which side of the road to drive on. So, to an approximation, everyone goes straight down the middle and dodges. The result is constant rolling chaos and fearsome mortality rates. At one point, Africa averaged about 10 times the death rate of Western Europe, and Asia is nearly as bad.
Trying to conduct bottom-posted plain text email discussions with people who write wherever their email client happens to leave the cursor is like trying to drive carefully in a country where the rules of the road are less regulated, for whatever reason. The result is that careful drivers get lost in the melée of people who drive wherever and whenever they feel like. Following the rules doesn't help you, and so the scofflaw majority end up concluding that the rules which they never understood are pointless.
As a result, when they end up in charge, they decide to get rid of email altogether, because they never really knew how to use it in the first place. They replace it with something simpler but functionally is crippled, and everyone suffers, even those who knew and followed the rules. The lesson of Chesterton's Fence is rarely learned.
We cynically suspect that much the same arguments apply to a great deal of the technological churn in contemporary Linux: systemd, Wayland, Snap, Flatpak, and indeed GNOME itself since version 3 was rewritten in JavaScript.
O tempora, o mores! There are still places where the old, traditional ways still mostly hold, at least for now. FreeBSD 14 is nearly ready. ®