Open Source and information security mailing list archives
 
Message-ID: <2096075207.10725731302639589706.JavaMail.root@zcs-mbs03.it.mtu.edu>
Date: Tue, 12 Apr 2011 16:19:49 -0400 (EDT)
From: Ryan Sears <rdsears@....edu>
To: rancor <therancor@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Announcement posts and the charter (was Re:
 INSECT Pro 2.5.1 released)

Yeah, I second that. 

Where do you draw the line if you do start making up rules like that? What about a vulnerability like path-disclosure or insufficient anti-automation? Granted they're not huge bugs, but they ARE bugs. 

There's crap I don't want to read on this list, but that's a decision I have to make. Granted the INSECT Pro minor releases are a bit annoying, but no more than cal sending porn to the list. 

It's whatever, un-moderated means exactly that. No-one can tell anyone else what to release/write. Period. 

Ryan

----- Original Message -----
From: "rancor" <therancor@...il.com>
To: "Steve Pinkham" <steve.pinkham@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Sent: Tuesday, April 12, 2011 3:50:59 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released)

What to do about it? It's not moderated?

Just ignore stuff and use the often used key called delete. Simple as that
=)

// rancor
On 12 Apr 2011 21:16, "Steve Pinkham" <steve.pinkham@...il.com> wrote:
> On 04/12/2011 09:04 AM, phil wrote:
>> Just keep that simple, the post hit the non acceptable content.
>>
>> "Gratuitous advertisement, product placement, or self-promotion is
>> forbidden."
>>
>>
>>
>> My opinion, but if the product could be free, like it was, then I don't
>> mind seeing those kind of post, but for anything commercial FD is not
>> there for that.
>>
>
> I agree, but think that intuition should be inscribed in more precise
> language.
>
> That whole sentence starts out with "Gratuitous", which to me seems to
> be unclear to both native and non-native speakers alike. IMHO it's just
> too easy to justify to yourself that what you are doing does not
> violate wording of the charter, and therefore I think the charter should
> be more explicit.
>
> When would it be OK (non-gratuitous) to mention a tool? When it comes
> with a new vulnerability class? When it was used to find a particular
> flaw? When it shows a novel way of finding flaws of a particular class?
> When the tool is Open Source, such that the tool is an embodiment of
> knowledge being shared?
>
> This whole issue with INSECT Pro shows a lack of consensus on what
> advertisement means, and what kicked it off was a disagreement about
> what the definition of a "free" product is.
>
> I'm coming around to the idea that the rules should be based on
> knowledge transfer. My intuition is that only projects with OSI
> approved licenses should be allowed (as Tim argued), unless you are
> releasing a tool of any sort along with a new class of vulnerability.
> Also, announcements of more than 1 per six months should be forbidden
> for any project. This would serve as a sort of default deny rule to
> keep the most annoying types of announcements at bay.
>
> Any other thoughts?
>
> The other possibility is that the current wording is sufficient as a simple
> "Don't be a dick" kind of rule, and more specific rules would be lost on
> those who have no problem with being a dick. I would argue that more
> guidance in the charter on this issue might be worthwhile for the
> majority of people who do not in fact want to break Wheaton's law.
>
>
>>
>> -phil
>>
> --
> | Steven Pinkham, Security Consultant |
> | http://www.mavensecurity.com |
> | GPG public key ID CD31CAFB |
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

