lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOJKFBCN+SFV5jUzfu1cxaJqbRtZ=nkporbSMBnydNyhxs84oA@mail.gmail.com> Date: Thu, 10 Jul 2014 17:43:21 -0500 From: Brandon Perry <bperry.volatile@...il.com> To: Fyodor <fyodor@...p.org> Cc: Full Disclosure Mailing List <fulldisclosure@...lists.org> Subject: Re: [FD] Should it be better ... Thank you for bringing this up. When posting my information, I was actually assuming a brief description with links was preferred if you were so inclined to read after a summary. I, for one, didn't grow up on those types of lists and had never even looked at bugtraq from that early on. I also think it is easy for someone my age, whom may have been using some of the same links for content for years, to make assumptions that a link will be good for an indefinitely-extended period of time. I am really glad you brought this point up. I actually got lost for a couple hours reading old bugtraq after you posted this and it is absolutely fascinating. On Thu, Jul 10, 2014 at 12:07 PM, Fyodor <fyodor@...p.org> wrote: > On Thu, Jul 10, 2014 at 7:51 AM, Pablo <paa.listas@...il.com> wrote: > > > [Would] it be better to include the Advisory Details/exploit/code in the > > body of the email to FD, and not in a link to a blog/site/company so the > > list archive will be an archive and not a index to some, possible down, > > link? > > > > Yes, it is absolutely better to include full details in the body of the > message rather than just a link. I haven't been rejecting the link-only > messages (as long as there is at least a brief summary), but they are > annoying. Not only are they a pain to read (need to open a browser and/or > follow a link), but they screw up the archives. Right now we're able to > browse Bugtraq from more than 20 years ago, and it's fascinating: > > http://seclists.org/bugtraq/1993/Nov/index.html > > But if those messages were just links to other sites, how many would still > work? Hardly any. > > Now it's perfectly fine to ALSO include a link to the advisory on a web > site. Just include full details in the body of the post too. The main > exception is binary attachments. If an attachment is more than 500K or a > megabyte, just link it that attachment (in the descriptive text body of > your post) to avoid clogging up people's mail spools. Also, if you're > posting someone else's work (like a news story or 3rd party blog or > whatever), there may be copyright issues with just pasting the whole thing > into your message. Still, try to include at least the first few paragraphs > or a summary so we know what it is. > > Thanks, > Fyodor > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists