lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: josh at nicepeople.org (Josh)
Subject: Feeding Stray Cats

I had given up on this thread as a loss,  but I feel a bit of hope renewed.

If you have posts to the announce list post to the open list, it will 
eliminate the issue of discussion.  In this manner you allow those who 
don't have time to wade through all discussions to be able to weigh in 
on announcements at their leisure rather than slogging through 50+ posts 
a day. 

A similar model which worked well for this was the Attrition defacement 
list. 

Attrition.org had a government list which only sent out emails about 
.gov websites which many gov people had forwarded to their pagers,  this 
would filter out the 300 other sites per day which were owned after the 
Unicode hole came out.  The govt list posts were still sent to the full 
defacement list, it was just a nice method by which to filter it.  If we 
could get someone to moderate announcements only (of which there are 
very few) or take announcements and cross post them to another announce 
only list,  it would allow those who need the information in a timely 
fashion to get it,  and be able to review and comment at a later date.

Another option is to leave the announce list open, with the 
understanding that only announcements of a critical nature need be 
posted there, and that all other posts get posted to FD.  I know I 
didn't need to read Paul's fight with morning wood, or the instruction 
of someone on how to return a firewall back to defaults (deny all).  If 
people all replied to the posts with proper mail clients, I could just 
zip up the thread, but unfortunately there are some security 
professionals out there who don't know how to use their mail clients. 
 If someone begins to abuse the announce list, deal with that topic at 
that point.  Hopefully those who are subscribed would  have enough 
common sense to not abuse the announce list.

There IS a reason to change:  You WILL drive away anyone with clue if we 
continue down the same track.

My $.02
-Josh


Stephen Clowater wrote:

> True, But the problem with the announce list is it does take away the 
> disccusion of issues, which is what this list is about. The issue is 
> it has been polluted with crap, and bitching about that crap (ie - 
> This email :) ) and has deaparted from the breif, proffessional, 
> meaningful discussions about security issues, to a form that resembles 
> an IRC channel.
>
> The list really needs to be loosely moderated, at least for a while. 
> I'm not sure how practical it is to do that, Len could comment more 
> correctly on that point than myself, however, as for a open solution 
> (ie - not moderated), I really do not have any clue on how it could be 
> done.
>
> If anyone has an open solution, I think it should be posted to the 
> list and cc'ed to Len. I think this is one off-topic disscusion that 
> we need to have if full disclosure is to reamain a valid forum for 
> discussing in a meaningful, restrained, and proffessional manner 
> (pardon my spelling :) )
>
> Steve
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>



Powered by blists - more mailing lists