Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 30 Mar 2014 19:41:22 +0300
From: Georgi Guninski <>
Subject: Re: [OT] FD mailing list died. Time for new one

Not subscribed to oss-security.

Just for the record of the old FD,
i posted there anonymously and
even killed at least one bug in 
widely used open source warez in
un-orthodoxal way.

The CVE servants got the bug
significantly later after the
announcement :)

maybe solardiz is using the
mainstream patch i suspect.


On Sat, Mar 29, 2014 at 10:08:02PM +0400, Solar Designer wrote:
> On Mon, Mar 24, 2014 at 04:17:45PM +0200, Georgi Guninski wrote:
> > it is likely I get banned from here,
> Georgi surely worked hard towards achieving this goal, in other threads
> in here as well.  While I have no intent to ban anyone, especially not
> someone like Georgi who has made valuable contributions to this
> community (I am referring e.g. to the qmail integer overflow bug, which
> I personally think Georgi deserved the bounty for), I will be revoking
> moderation bypass "privilege" from people abusing such "privilege".
> In general, when a new member joins oss-security they do not have
> moderation bypass "privilege", regardless of who they are.  As soon as
> they've made one or a few approved posting(s) with no postings rejected
> (like Georgi did when bringing up the FD list topic initially), they're
> typically granted such "privilege", in good faith, because this helps
> reduce delays in discussions and reduces load on the moderators.
> However, as easily as this is granted, it may be revoked - again,
> regardless of who the person is and how valuable a community member
> they are in other aspects (as well as e.g. whether they're a friend of
> mine or not).  Neither action should be taken personal.  Moderation
> bypass "privilege" is not endorsement, and revoking it is not banning.
> This is merely a tool I use to help run this list smoothly and with less
> effort.  This is why I put this word in quotes.
> So, Georgi, you're still not banned, and I have no such plans, but
> please do not be surprised that further messages from you will incur
> delays and some might be rejected.  I and other moderators are going to
> judge on which messages to approve based on the content of those
> messages, as usual.  If you (or anyone) post something reasonably
> valuable to be worth distributing to list members, it will be approved
> (and please don't mind the delays).  A few of your recent messages were
> below this threshold, in my opinion.
> I hope that Fyodor will be approving all of your messages on FD.  If I
> were running FD, I'd setup/keep the moderation bypass for you on that
> list.  After all, FD is all about noise, right? ;-)  And what can be
> better than noise from a(n otherwise) respected community member? ;-)
> oss-security is not FD.  We don't tolerate noise as much.  Noise goes to
> FD, please.
> Now, surely any mention of CVE is worse than noise to you, but that's
> another (non-)issue.  I think most people care about the actual vuln
> descriptions and such regardless of whether CVEs are being assigned.
> That said, this is yet another reason why FD is a better fit for you.
> Thanks,
> Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ