Date: Sun, 30 Mar 2014 19:41:22 +0300 From: Georgi Guninski <guninski@...inski.com> To: oss-security@...ts.openwall.com Cc: solar@...nwall.com Subject: Re: [OT] FD mailing list died. Time for new one Not subscribed to oss-security. Just for the record of the old FD, i posted there anonymously and even killed at least one bug in widely used open source warez in un-orthodoxal way. The CVE servants got the bug significantly later after the announcement :) maybe solardiz is using the mainstream patch i suspect. -- guninski On Sat, Mar 29, 2014 at 10:08:02PM +0400, Solar Designer wrote: > On Mon, Mar 24, 2014 at 04:17:45PM +0200, Georgi Guninski wrote: > > it is likely I get banned from here, > > Georgi surely worked hard towards achieving this goal, in other threads > in here as well. While I have no intent to ban anyone, especially not > someone like Georgi who has made valuable contributions to this > community (I am referring e.g. to the qmail integer overflow bug, which > I personally think Georgi deserved the bounty for), I will be revoking > moderation bypass "privilege" from people abusing such "privilege". > > In general, when a new member joins oss-security they do not have > moderation bypass "privilege", regardless of who they are. As soon as > they've made one or a few approved posting(s) with no postings rejected > (like Georgi did when bringing up the FD list topic initially), they're > typically granted such "privilege", in good faith, because this helps > reduce delays in discussions and reduces load on the moderators. > However, as easily as this is granted, it may be revoked - again, > regardless of who the person is and how valuable a community member > they are in other aspects (as well as e.g. whether they're a friend of > mine or not). Neither action should be taken personal. Moderation > bypass "privilege" is not endorsement, and revoking it is not banning. > This is merely a tool I use to help run this list smoothly and with less > effort. This is why I put this word in quotes. > > So, Georgi, you're still not banned, and I have no such plans, but > please do not be surprised that further messages from you will incur > delays and some might be rejected. I and other moderators are going to > judge on which messages to approve based on the content of those > messages, as usual. If you (or anyone) post something reasonably > valuable to be worth distributing to list members, it will be approved > (and please don't mind the delays). A few of your recent messages were > below this threshold, in my opinion. > > I hope that Fyodor will be approving all of your messages on FD. If I > were running FD, I'd setup/keep the moderation bypass for you on that > list. After all, FD is all about noise, right? ;-) And what can be > better than noise from a(n otherwise) respected community member? ;-) > > oss-security is not FD. We don't tolerate noise as much. Noise goes to > FD, please. > > Now, surely any mention of CVE is worse than noise to you, but that's > another (non-)issue. I think most people care about the actual vuln > descriptions and such regardless of whether CVEs are being assigned. > That said, this is yet another reason why FD is a better fit for you. > > Thanks, > > Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ