Status of rubyonrails-security and ruby-security-ann

Hi all, previously Rails security announcements were posted to the rubyonrails-security and (for some gems) ruby-security-ann Google Groups. However, the recent security announcements this year do not appear to have been posted to these lists. Is this intentional? We have automation set up internally based on these lists so that we get notified when security announcements are released, so that we can react urgently to these types of issues. It appears that the docs, at least, still links to the rubyonrails-security list:

The security landscape shifts and it is important to keep up to date, because missing a new vulnerability can be catastrophic. You can find additional resources about (Rails) security here:

However, it appears these lists have been removed from the security policy. Was there an announcement of the deprecation of these groups somewhere that we missed?

It is intentional. Google Groups started to require a Google account to be able to subscribe to the mailing list, so we moved to a neutral place that we can control and don’t require account from third-party services to be able read the announcements.

I’ll post a message in the rubyonrails-security group making its retirement official.