Date: Mon, 18 Feb 2008 22:16:53 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: wiki

On Mon, Feb 18, 2008 at 08:56:16AM -0700, Vincent Danen wrote:
> Hmmm... so where's the Openwall vendor info, eh? <wink wink> =)

Added.

Earlier today, I wrote:
> >Also, I've noticed what I think is a major issue with the wiki -
> >although it is configured to obfuscate e-mail addresses, it only does so
> >when displaying the latest revision of a page. Older revisions and page
> >source appear with the e-mail addresses intact, ready to be grabbed by a
> >"spambot".

It turned out that the older revisions were also subject to automated
e-mail address obfuscation, and the reason I got confused was that I was
looking specifically at the welcome page where you did not enter this
list's address in the DokuWiki-supported format right away. And it only
obfuscates e-mail addresses it recognizes - not anything with an @-sign.
So we need to be very careful about this - e-mail addresses must be
entered as <user@...mple.org> - with the angle brackets.

Anyway, I went ahead and corrected this in the old revisions for the
welcome page (using VIM on files in the attic) - I hope you don't mind.

As to page source, I've disabled the view source / export raw feature.
Of course, logged in users with page editing rights can view the source
with non-obfuscated e-mail addresses anyway, but let's hope "spambots"
are not that good yet - and at a later time we might want to (or have
to) revoke page editing rights for new user accounts anyway.

> > ... I think that some of the content to add would be list charter for
> >oss-security (Josh?) and official(?) or primary description of
> >vendor-sec. For the latter, we can take the text from the recently
> >created Wikipedia page - http://en.wikipedia.org/wiki/Vendor-sec - then
> >have the Wikipedia page backed by the already-public info on our wiki.
>
> These sound like good ideas to me.
> Particularly the bit on vendor-sec.

OK, so who is to create the page on vendor-sec? It'd be great if the
same people who edited the Wikipedia page would do it, but Steve Kemp
did not join us on this list - and I can't force people to join... OK,
maybe I can ask him about that.

> I think for this to become effective, we need to expose it more

We'll definitely expose the oss-security wiki. I am going to mention it
in one of Openwall news items and in an announcement list posting.

> and at the same time we can expose vendor-sec a little bit more too.

Yes, this is what will happen, and it appears that vendor-sec members
are either for greater exposure or feel neutral about it.

Alexander