The End of Gmane?

If any of you use mailing list archive Gmane, you would want to start looking at its alternative. Gmane developer Lars Ingebrigtsen announced Thursday that he is thinking about ending the decade-old email-to-news gateway. But first, for those unaware about Gmane, here's is what it does: It allows users to access electronic mailing lists as if they were Usenet newsgroups, and also through a variety of web interfaces. Gmane is an archive; it never expires messages (unless explicitly requested by users). Gmane also supports importing list postings made prior to a list's inclusion on the service.Ingebrigtsen said Gmane machines are under numerous DDoS attacks -- coupled with some other issues -- that have made him wonder whether it is worth the time and effort to keep Gmane ticking. He writes: I'm thinking about ending Gmane, at least as a web site. Perhaps continue running the SMTP-to-NNTP bridge? Perhaps not? I don't want to make 20-30K mailing lists start having bouncing addresses, but I could just funnel all incoming mail to /dev/null, I guess... The nice thing about a mailing list archive (with NNTP and HTTP interfaces) is that it enables software maintainers to say (whenever somebody suggests using Spiffy Collaboration Tool of the Month instead of yucky mailing lists) is "well, just read the stuff on Gmane, then". I feel like I'm letting down a generation here.As Gmane's future remains uncertain, Ingebrigtsen recommends people to have a look at Mail Archive.

Re: Nothing of value was lost

> Don't follow security news much do you?

I do. There's BEAST (2011, SSL3/TLS1.0 only), CRIME (2012, TLS1.0->1.2), BREACH (2013, TLS1.0->1.2), and POODLE (mid 2014, SSL 3.0). In late 2014, it was discovered that a few faulty TLS implementations were also vulnerable to POODLE. They have since been fixed. BEAST mitigations have been in place for *ages*. CRIME and BREACH only work when TLS compression is enabled, so the fix for that is fairly trivial.

Are there any significant recent ones that I missed? (Implementation bugs like Heartbleed don't count. One doesn't point to a screwed up implementation of a protocol and say "That protocol is insecure.", one says "That implementation is fucked up.". A protocol *can* be too complicated to reliably implement correctly... but the wide array of correct TLS implementations strongly suggests that the OpenSSL guys just fucked up.)

Or are you talking about the politics of the infrastructure that was set up to distribute and validate X.509 certificates for use with TLS? If you're talking about *that*, then know that the TLS spec leaves unspecified how X.509 certs are issued and managed. That is to say that Certificate Authorities and the management of the same have nothing to do with the security of the TLS protocol, but might be a concern for a particular site that *uses* TLS. You can -after all- use TLS with no loss of security guarantees without ever speaking to a CA.

Gmane is the only way to reply to messages on list

[tap]

I do lots of Linux development. Often I'll find kernel patch that's not in the mainline kernel yet, or was just recently added, that has some issues with it. With gmane I can browse the original discussion threads about the patch, import them into evolution, and then reply to one of the messages. And get the proper in-reply-to headers on my email, cc the proper groups and people, etc. I don't have the original thread in my inbox because I'm not subscribed to 200 different lists that I save all the messages from. But gmane is.

None of the other list archives (which aren't as good as gmane anyway) allow you do this.