Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Sun, 17 Feb 2008 15:51:25 -0700
From: Vincent Danen <vdanen@...sec.ca>
To: oss-security@...ts.openwall.com
Subject: Re: welcome

* [2008-02-17 02:17:25 +0300] Solar Designer wrote:

>On Fri, Feb 15, 2008 at 09:10:16PM -0900, Jonathan Smith wrote:
>> One nitpick before we get too established... would it be possible to
>> turn off reply-to-list? That is what "reply to all" is for in mail
>> clients :-)
>
>Yes, I can easily change this setting, but I like it the way it is now -
>and I suspect that many (most?) other list members do as well.  I find
>that having Reply-To on discussion lists pointing to the list address
>helps ensure that discussions don't unnecessarily go off-list and that
>list members are not unnecessarily CC'ed on responses.  (I realize that
>some actually prefer to be CC'ed because of the way their mail readers
>are configured.)  If/when we start getting a lot of desirable postings
>from non-members, we may change this setting to make it easier to CC
>such non-members on responses.
>
>If anyone else has an opinion on this matter (regarding this specific
>list indeed), please speak up.

I like the reply-to-list.  I usually forget to do a reply-to-all and end
up losing the list.  Bad habits on my part, and I don't think I'm alone
(either that or I'm a complete idiot).

>> I'm not sure if this is possible, but I'd like to see read-only
>> subscriptions. That is, folks can "subscribe" and get the list via email
>> without having to be approved to post to the list. See below for more
>> discussion on this isssue.
>
>The easiest way to achieve this, without patching the code, is to create
>a second ezmlm-idx list with announcement-only settings and subscribe it
>to this list.
>
>But I am not sure if having a completely read-only list is any better
>than having message pre-moderation.  The difference is in what happens
>to posting attempts from non-pre-approved addresses.  Do we want such
>messages bounced or submitted to a moderator?

I don't see the point of a read-only list when we have public archives.
It seems overly complex to me to do a read-only list subscribed to the
other list *and* have public archives.

I also think subscriptions should be moderated, and postings from
non-members should be moderated as well.  I think the last thing anyone
wants is to see spam on the list, or someone going on an off-topic
tirade or some other idiocy (if we wanted that, we'd all be chatting on
fd).

-- 
Vincent Danen @ http://linsec.ca/

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux