Date: Sat, 1 Jul 2017 13:57:55 +0200 From: Mark Hatle <mark.hatle@...driver.com> To: <oss-security@...ts.openwall.com>, Solar Designer <solar@...nwall.com> Subject: Re: accepting new members to (linux-)distros lists On 6/30/17 10:16 PM, Solar Designer wrote: > On Fri, Jun 30, 2017 at 12:55:16PM -0700, Seth Arnold wrote: >> On Fri, Jun 30, 2017 at 03:22:09PM +0200, Solar Designer wrote: >>> http://oss-security.openwall.org/wiki/mailing-lists/distros#contributing-back >>> >>> No volunteers so far? I know some of you are actually helping with >>> these, but I'd prefer that you explicitly take responsibility for them. >> >> I didn't volunteer for the things that I've already done on occasion. >> Since I'm on the west coast of the united states and tend to sleep in and >> work late (and spend entirely too much time in mutt already) I'm often the >> first to spot new postings to the list if made during a few hour window. >> >> In those hours I'll let people know their post made it through the list. >> (This is common practice on the list since the anti-spam setup just >> drops mails that lack [vs] or [vs-plain] in the Subject: line. Frequent >> posters who aren't subscribed know to look for confirmation mails from >> list readers to see if their posts made it through and re-send if they >> don't get a reply.) >> >> But this window really only works a few hours each day, a few days each >> week. If I _sign up_ for this task, the other 160 hours each week would >> get worse. >> >> Communally shared tasks have felt fine to me so far. Yes they often fall >> to you, but not always. And if you weren't always attached to your MUA, >> perhaps it wouldn't always fall to you either. :) > > We can list multiple distros per task. Or we can list Ubuntu, and that > wouldn't mean only you - but rather that Ubuntu's team should handle it. > Would that work for Ubuntu? We (Wind River) can take a more active role in at least some of the administrative tasks.. However, I can assure you we don't have the time or ability to do it ourselves. So the more then one 'actor' on an action would definitely be what I suggest. Unfortunately I really don't have a good sense (based on the link to the tasks) as to what would be appropriate to volunteer for. I'm open to suggestions. --Mark > With multiple distros listed, there will need to be some coordination > between them - e.g., inform each other when transferring responsibility > (such as before several people go on vacation), or separate duties by > time of day. > > I agree that for something as simple as getting back to message senders > this might not be worth the coordination. So maybe one of the distros > wanting to join now would take this task, which would also serve to show > they care at least to read all messages promptly. And the distros who > have been on the list for a while take less trivial tasks. > > Regarding the anti-spam setup, it's not exactly as bad as you describe. > Messages are not dropped - rather, they're rejected during the SMTP > session, in response to DATA command end. I hope that with most setups > on the other end, this results in the sender (person) getting notified. > > What worries me is that for messages that are sent to us in plaintext, > this means they might be exposed to someone watching network traffic > even in cases when we don't yet accept and relay the message (because of > it initially lacking this tag). Yet getting encrypted spam (for a > little while, before I made this setup) was no good. > > Alexander >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ