Effective October 10, Red Hat’s Mailman-based Security Announcements list will be retired in favor of a public RSS feed.
In recent months, news from the Red Hat camp has been raining down one after another. Most of it has been controversial and challenging for the open-source community to accept. So, let’s quickly recall what has happened so far.
No More Freeloaders
It all started in December 2020 when Red Hat transformed CentOS to CentOS Stream, removing it from the server OS game. By then, the distribution enjoyed millions of installs and was the leading free alternative for Enterprise Linux (EL).
It ultimately comes down to eliminating the competition in favor of their RHEL (Red Hat Enterprise Linux) offering.
However, this resulted in the emergence of several new RHEL derivatives, with Rocky Linux and AlmaLinux being the most popular. These have gained momentum, with Rocky becoming users’ most preferred EL distribution, leaving RHEL behind.
However, this didn’t sit well with IBM/Red Hat executives, as in June of this year, they made the highly controversial decision, which goes against all open source principles, to limit access to the operating system’s source code to Red Hat Customer Portal subscribers only.
The downstream RHEL derivatives, meaning Rocky, Alma, Oracle, etc., were labeled “freeloaders” and “rebuilders,” suggesting they added no value to the final product.
Now, the company is taking a step for the better regarding a critical element – information about security updates.
Red Hat’s Security-Announcements Mailing List Remains in the Past
In an October 3 announcement on its Security Advisory mailing list, Red Hat informed that as of October 10, only users with active Red Hat subscriptions can access Red Hat Product Security advisories.
This is a notification to inform all subscribers that on October 10, 2023, the rhsa-announce mailing list will be disabled by Red Hat Product Security, and no additional Security Advisory notifications will be sent to this list.
We clarify that this list has been around forever. It is a communication channel provided by Red Hat, designed to inform about security-related updates and announcements related to Red Hat products.
Subscribers to this mailing list receive notifications about new security advisories, updates, and patches that Red Hat releases to address vulnerabilities and security issues in their software products.
This helps system administrators and IT professionals stay informed about potential security risks and the availability of updates to mitigate them, ensuring that they can maintain a secure and stable computing environment.
In addition, customers can continue to use Red Hat’s Customer Portal to manage notifications with much greater control.
The company has decided not to continue with an announcement list because it is an inefficient and non-standardized way of managing security data.
But there is no room for concern. A publicly available RSS feed at https://access.redhat.com/security/data/metrics/rhsa.rss will replace the old Mailman-based mailing list where security updates for Red Hat products have been published so far.
On top of that, to consume security advisories in a machine-readable format, you can use this.