Date: Fri, 4 Apr 2008 15:39:38 -0600
From: Vincent Danen <vdanen@...sec.ca>
To: Jonathan Smith <smithj@...ethemallocs.com>
Cc: Josh Bressers <bressers@...hat.com>,
	Solar Designer <solar@...nwall.com>,
	Andrea Barisani <andrea@...ersepath.com>,
	oss-security@...ts.openwall.com
Subject: Re: announcing oCERT & oss-security to Bugtraq & f-d

* [2008-04-04 12:08:07 -0800] Jonathan Smith wrote:

> |> I'm not comfortable with the current timeline for this.  One day is not
> |> enough time to draft a proper announcement.
> |>
> |> Again though, this question belongs on the list, not here.
> |
> | [snip]
> |
> | I don't have a problem with it being announced at the same time, but I
> | do think that one day is pretty short notice to draft a decent
> | announcement (i.e. something that won't result in a "why do we need
> | another ml like fd or bugtraq" barrage of postings), because we need to
> | figure out the best way to do this so we don't get people like "n3td3v"
> | coming to the list.
>
> I've got to agree with Vincent here. We didn't have much heads-up about
> this. Having folks on-list who shouldn't be was my main concern with
> oss-security to begin with, and posting the list to the masses (at this
> point in time) isn't going to make that easier.
>
> That being said, we need to figure that out before oss-security can be
> useful to a broader range of people and projects.

I'm ok with un-moderated read-only access.  I think that's a fine idea.
I do think, to keep the signal-to-noise-ratio (not to mention the BS
that plagues other lists like FD) down.

> |> I'm also quite happy with the rather slow growth we're currently
> |> seeing on the mailing list.  We need a solid base before we can
> |> handle what will be explosive list growth from a big public
> |> announcement.
> |
> | I think we should activate membership moderation before we make a big
> | public announcement for exactly this reason.  Which is why we need more
> | than one day... this needs to be discussed amongst members and needs to
> | be noted in the announcement (to keep the idiots from trying to
> | subscribe and then us having to punt a bunch of them after the fact).
>
> Yep. But, I still think we should allow read-only memberships without
> moderation. Having to read oss-security through rss or a web interface
> would be frustrating.

I have no problem with this, and I think ezmlm should be able to do this
easily enough.  Solar, correct me if I'm wrong.

> |> Additionally, this discussion belongs on the oss-security list,
> |> not between the current CC list.  It's a public group run by the
> |> members.
> |
> | This I do agree with.
>
> Indeed. I'm CCing oss-security with this email.

Good idea.

-- 
Vincent Danen @ http://linsec.ca/
