Quotes of the week

Somewhere down the road, in the not too distant future, email will simply not be an option. You can "use" it, but I can guarantee it will not be in a state where you will want to.

So we can stay in denial about this, or we can do something proactive to prepare ourselves for this inevitable result.

And when we have these conversations about how important it is to retain email based workflows, is that really to make sure we have a backup plan in case new infrastructure fails, or is it to appease "senior" maintainers like myself and others who simply don't want to change and move on?

Personally, I seriously want to change and move on from email, it's terrible.

I just want tools and pretty web pages, in fact I'll use just about anything in order to move on from email based workflows entirely.

I'm pretty opposed to the idea of forges, because this approach makes it very easy to knock out infrastructure critical to the project's ability to quickly roll out fixes. Imagine a situation where there's a zero-day remote root kernel exploit -- the attackers would be interested in ensuring that it remains unpatched for as long as possible, so we can imagine that they will target any central infrastructure where a fix can be developed and posted.

Currently, such an attack would be ineffective because even if kernel.org is knocked out entirely, collaboration will still happen directly over email between maintainers and Linus, and a fix can be posted on any number of worldwide resources -- as long as it carries Linus's signature, it will be trusted. If we switch to require a central forge, then knocking out that resource will require that maintainers and developers scramble to find some kind of backup channel (like falling back to email). And if we're still falling back to email, then we're not really solving the larger underlying problem of "what should we use instead of email."