The answer to this question probably deserves a blog post. But, as mentioned by @willejs here (https://news.ycombinator.com/item?id=7646496), Jenkins has a well established community of plugins and plugin writers and so, is quite extensible. Go has good visualisation and good modeling capability, allowing you to model complex build and deployment workflows using a combination of tasks running in parallel and serial.
Both have many more pros and cons. To do justice to it, it needs a blog post. Let's see. Maybe I'll write one soon.
This isn't currently supported, although Sirius has some options that might be helpful. Sirius isn't really a data store per se; it's really a persistent, replicated update stream (transaction log) aimed at letting you build and maintain your own in-process representation of the dataset.
As such, you could set up a separate cluster running in "follower" mode, subscribing to the stream of updates and them writing them out to some other datastore.
While similar, Serf and Etcd solve a different problem. Etcd is strong consistent (all nodes will see the same data, however a partition may cause the system to not accept writes) while Serf is eventually consistent (all nodes are not guaranteed to see the same data, however the system will always accept writes)
So somethings like a distributed lock is impossible to implement with Serf.
Some companies like to practice 'security by obscurity' to the fullest. They sometimes try to keep bugs from being disclosed by researchers using various means of ignore up to legal threats or other non disclosure contracts.
Often when things are at a really bad state its in the public interest to make sure these issues get fixed rather than brushed under the carpet. Hence it gets posted on various sec ML lists to ramp up pressure.
Why would you follow any mailing lists for security in 2014? The concept of a security mailing list predates Twitter, vulnerability databases, Reddit, and blogs. But we have all those things now, and they are all better than Full-Disclosure on its best days.
Yeah people keep telling me mail is dead, but its still kicking around and is very well alive. Let me edit my initial question to be email neutral though.
Secunia has a free Secunia Weekly Advisory Summary newsletter. You need to register for an account at https://secunia.com/community/profile/ and tick a box for a weekly summary IIRC.
But it's probably easier and more convenient to subscribe for announce mailiing lists for software you're using. Unless you can turn off affected services or scramble and patch before maintainers.
No substitute for email, but VuXML is an interesting, machine-readable, and therefore potentially extremely useful way of distributing security advisories:
http://h5bp.github.io/Effeckt.css/
http://h5bp.github.io/Effeckt.css/off-screen-navs.html