lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3F26CB4B.4010806@elvandar.org>
From: remko at elvandar.org (Remko Lodder)
Subject: [mailinglists-security] OT but related.

Darren,

I think you are quite right.

Bugtraq has some thingie's i never see on F-D but that is becoming
lesser and lesser since F-D is more and more used.

The only advantage Bugtraq now has, is that Bugtraq only has 
announcements,without people 'flaming' eachother.

On F-D that happends now and on occassion, that can be improved by
telling a 'policy' kind of thing, when one announce's something, the
only feedback that must be given is if the data presented is wrong.
We are all different people and interpret data otherwise, one could
think that he/she is attacked while that isn't ment.

When F-D (and his members) think more about that, it is gearing a lot
more towards a bugtraq kind of list _with_ the possibility to
discuss over various problems (not that i don't mean that the discussion
is about the announcement itself (the content) but the impact it could 
have on systems etc.)

So in short: Don't flame when a announce is made, only give technical 
feedback if needed, and discuss the impact among list subscribers.

I personally think when that happends, F-D is just it!

Perhaps you and the other subscribers share this thought, if not, i am 
interested in your arguments ;-)

Cheers!!



Darren Reed wrote:

> I'm curious to know, does anyone subscribe to full-disclosure BUT NOT
> bugtraq ?  Is there any material that currently appears on bugtraq that
> never appears on full-disclosure ?  Is there anything that owners of
> full-disclsoure could do to bridge that gap, if it exists ?
> 
> My personal current evaluation of the two lists is tending towards bugtraq
> being irrelevant, these days as it becomes more of a vendor-announce list
> (especially for Linux) than a useful forum to particpate in.
> 
> Cheers,
> Darren
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


-- 
--

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the 
hackerscene


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ