Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 19 Mar 2014 23:29:11 +0400
From: gremlin@...mlin.ru
To: oss-security@...ts.openwall.com
Subject: Re: [OT] FD mailing list died. Time for new one

On 19-Mar-2014 09:33:58 -0700, Dean Pierce wrote:

 > Hosting? That's what the cloud is for.

Not for any sensitive data. And vulnerability descriptions are very
sensitive...

 > I have no idea who runs
 > https://groups.google.com/group/FullDisclosure
 > but they seem modeled after original fd charter.

Modelling a charter is easy... But I bet they'll fail on gathering
all previous FD members.

 > I trust Google as a neutral third party more than I would trust
 > most security researchers.

Bwa-ha-ha-ha-ha...

Behind that party which you possibly may trust, there's a B.B.,
which is even worse than a Big Brother - as it's a Big Business.

When a Big Business faces something, it asks itself two questions:
0. Could it cause any loss?
1. Could it bring any profit?

Suppose someone posts a zero-day vulnerability on the list which
affects the BB; do you really think it wouldn't be censored out?

No doubt, it will - otherwise that will Cause a Loss, and that's
inacceptable for BB.

Also, several days before FD shutdown there was a long thread
related to some vulnerabilities in Google services... Although
John Cartwright didn't name anyone, I can't be sure these two
events are unrelated.

 > They already host all the old newsgroup archives. It's also
 > free, easily consumable, and most importantly, babysat for
 > security issues in a way that even a team of skilled volunteers
 > would have a hard time pulling off.

I'd prefer participating on the list hosted by some party which
isn't directly affected by list postings - say, some ISP.


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.