augustine, 11 months ago

@downey Thanks for the heads up. Discord announcements are probably the worst way this information could be sent out.

ramsey, 11 months ago

@downey I don’t know what the security update is, but this is exactly how CVEs work, even in #OpenSource.

downey, 11 months ago

@ramsey legit open source communities don't use paywalled proprietary tools to communicate.

downey, 11 months ago

⚠️ To be clear, a critical update for #MastoAdmin is dropping the same day #Facebook is launching #threads.

🔎 As always, you shouldn't install software updates until you've verified what is changing. Even when (especially when?) you're told it's an emergency.

chiefgyk3d, 11 months ago

@downey @chiefgyk3d did he seriously announce it over Discord? Why don’t we have an email list server a #mastoadmin can sign up to. Most projects relating to infrastructure or Linux have e-mail alerts and we as admins do use our email for moderation anyway. So it just makes sense #Mastodon and E-Mail be primary. #mastoadmin #opensource #infosec #cybersecurity

galaxis, 11 months ago

@chiefgyk3d It was later announced by the official Mastodon account (which every admin probably should put a notification on): https://mastodon.social/@Mastodon/110644992947398414

There also is a very low-traffic mastodon-admin mailing list, but I don't think that Gargron is one of the subscribers (it's independent of the Mastodon project), and a couple of dedicated Matrix rooms (also unofficial).

@downey

Artifex, 11 months ago

@chiefgyk3d @downey They "pre-announced" it on Discord with the intention to announce it fully this weekend and then [gestures around] all this happened and they forgot.

downey, 11 months ago

@chiefgyk3d We had a Discourse-based forum for the project with an admin area and facility for push announcements.

He shut it down in favor of Microsoft GitHub.

craftxbox, 11 months ago

@chiefgyk3d @downey They announced it at @Mastodon and on the IRC too... They probably should have an email list too but it's not like they ONLY thought of discord.

chiefgyk3d, 11 months ago

@downey @selea JFC, why don’t we have a list server for email signups for security alerts like so many other open source projects related to an infrastructure. Did he seriously freaking use #discord like I have a discord server too, but I prefer to announce things on Mastodon as it’s more open and can be seen without an account by my audience too. All masto admins have an email they use for admin stuff anyway WTF 🤦‍♂️ #mastoadmin #opensource #infosec #cybersecurity

fsnk, 11 months ago

@downey
if he were shilling new tshirts & merch it would be in all the public channels

fsniper, 11 months ago

@downey that's rubbish. Why on earth does not mastodon development eat it's open dog food?

LovesTha, 11 months ago

@downey A 48 hour period is pretty imprecise on when they are dropping the fixes....

downey, 11 months ago

@LovesTha Don't worry, for the right price, in cash and in your surrendered privacy, you too can be informed of the critical patch availability as it happens!

🤑

selea, 11 months ago

@downey

I laughed just because it is sad and true