lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 10 Jul 2014 16:01:49 -0700
From: Fyodor <>
To: Dave Horsfall <>
Cc: Full Disclosure <>
Subject: Re: [FD] Meta: List moderation

On Thu, Jul 10, 2014 at 2:47 PM, Dave Horsfall <> wrote:

> As this list is "lightly moderated," is it the practice to inform posters
> that their submissions have been rejected (like the metzdowd crypto list)
> or are they quietly bit-bucketed?

Hi Dave, good question. Right now, it is a mix. Most of the moderated
messages are just a sentence or two (jokes, opinions, pithy comments, etc.)
 There usually isn't anything "wrong" with them, except that the message
probably only needs to go to the person it is directed at (replied to) and
doesn't need to be rebroadcast to 10,000 people. In these cases, it is a
bit of a burden to write out a description (often longer than the message
itself) off why the message wasn't sent through to the list.  But if it
looks like someone spent a long time composing a message and it isn't
appropriate for some reason, or if the message should be resent with a
slight change (like the URL they gave doesn't work or they forgot to
include an attachment), I try to send a response.

So for now, if you want to check if your message got through to the list,
check  whether it made the archives at
.  If your message contained valuable security information and didn't get
through, feel free to email me.  But first wait at least 24 hours first
because it may just be waiting in the moderation queue.

I'm not saying this is an ideal approach, but this is how it works now.
 Here are my plans for (I hope) improvement:

1) Write up and install a list-specific Mailman template for messages which
aren't put through to the list.  It would list all the common reasons and
so people can be notified without me having to write a custom note each

2) Hold a listmember survey (using a webapp, not hundreds of list posts)
for people to express what they want to see more or less of on the list.
 Things like conference CFPs, questions for the community, zero-day
exploits, security rants and raves, jokes, etc. Maybe we'll intentionally
include a SQL injection bug in the survey webapp, and folks who find it get
to vote twice :).  OK, not really.

3) Send the results of the survey to the list and try to recruit a few more
moderators to implement the "will of the people".

4) Once everything is running smoothly in good hands, I hope to step down
as one of the moderators so I have more time to focus on Nmap development
and also backend list stuff list like maintaining the Mailman software,
mail server, DNS servers, spam filtering, and Seclists archives.

I hope this helps!

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists