Message-ID: <20030419193846.79235319B1@www.fastmail.fm>
From: cnupt42 at eml.cc (cnupt42@....cc)
Subject: requires full discussion of political and legal aspects of security

yes i'm making a political statement by just joining this list... the good thing is there's no repercussions, as with theo and dod.

On Sat, 19 Apr 2003 08:25:02 -1000, "Jason Coombs" <jasonc@...ence.org> said:
> Matthew Murphy wrote:
> > These kind of discussions, while interesting to some list members, are not
> > why I subscribe to this list. The list's purpose is for discussion of
> > security issues -- Theo de Raadt's poor cry baby routine is not a security
> > issue. Please keep off-topic discussions like this to a minimum, as they
> > will destroy this list. List subscribers, many of whom are looking for
> > actual vulnerability details (and not discussion of world ideals), will
> > begin to leave in droves if posters do not learn to show basic restraint.
> > If it isn't a security issue, don't post it. Period. I will adopt this
> > policy from this post forward, and I encourage others to do the same.
>
> As somebody who has conspicuously and intentionally pushed for more political
> discussion on this list, I must say first that I disagree completely and
> second that I have no intention of withholding political discussions from this
> list so you'll either have to tolerate (or filter) me, or lobby Len to block
> my postings if they really offend you.
>
> Geek crypto tech cipherpunk penetration and vulnerability discussions without
> political and legal context encourage and foster gross misunderstanding of
> reality and place those who engage in security and cryptography research at
> risk of unreasonable prosecution and persecution beyond socially acceptable
> and beneficial self-regulation.
>
> You've already made a political statement by joining this list: you reject the
> politics of partial-disclosure or no disclosure on the grounds that you and
> those who rely on you for expertise are best served when everyone receives
> full and timely disclosure of vulnerability details. You are implicitly
> insisting that forces of oppression that curtail disclosure and discussion do
> far more harm than good.
>
> I reject your implication, and the implication of others on this list who have
> communicated as much to me in the past, that political and legal discussions
> pertaining to security are harmful to the list's well-being and focus.
>
> You've probably noticed that with a couple exceptions we all know better than
> to engage in flame wars, especially over a non-technical political or legal
> matter. This self-regulation is working, and the tone and scope of discussion
> on this list coupled with the lack of restrictive moderation makes it superior
> to bugtraq and others.
>
> The most compelling reason to support thoughtful and well-informed political
> and legal discussions rather than cast hate upon them as having nothing to do
> with the topic of security is that we who support full disclosure are wise,
> patriotic, law-abiding realists whose understanding of the technical subject
> matter combined with our experience in the real world convince us beyond any
> doubt that only the self-interested minority of power and money elite benefit
> from suppressing full disclosure -- and we recognize, being realists, that
> every disclosure made without the full support of the self-interested minority
> places those responsible at risk.
>
> You cannot seriously sit on the sidelines of this list, exposing yourself to
> (nearly) zero risk (*), and benefit from the hard work being done and hard
> risks being taken by others, while simultaneously proclaiming that discussion
> of the political and legal risks being taken by those who do the work that
> benefits you is somehow off-topic.
>
> In the good ol' days there used to be an explicit requirement for
> contributions from every member who benefits from the risks being taken by
> others. Either you contributed, and thus took some risk yourself, or you were
> not entitled to benefit from the risk-taking of others. We've moved beyond
> that point now, and realize that it would be wrong to withhold the benefits
> from anyone: this is the essence of full disclosure.
>
> But don't tell me this list is not political. If it's just bugtraq without
> Dave Ahmad then I need to unsubscribe.
>
> Sincerely,
>
> Jason Coombs
> jasonc@...ence.org
>
> (*) During World War II, the Nazis apparently used telephone company records
> to find out who called who. Whenever they hauled a family off to a gas
> chamber, they were sure to check that family's telephone records to determine
> who else they needed to haul off to the gas chamber also. Therefore, simply
> subscribing to this list with an e-mail address that is traceable to your real
> identity places you at risk whether you choose to believe it or not. Anyone
> who fails to understand the full scope of information security risk, inclusive
> of its sometimes-subtle and sometimes-dangerous political and legal aspects,
> fails to understand both history and human nature.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
http://www.fastmail.fm - mmm... fastmail?