Date: Mon, 18 Feb 2008 08:56:16 -0700
From: Vincent Danen <vdanen@...sec.ca>
To: oss-security@...ts.openwall.com
Subject: Re: wiki

* [2008-02-18 17:23:28 +0300] Solar Designer wrote:

>> I've set up a few pages to give it some structure and content.
>
>Yes, and I notice that Matthieu has added some more content to the pages
>you had created.  Thanks to both of you!

Hmmm... so where's the Openwall vendor info, eh?  <wink wink>  =)

>Also, I've noticed what I think is a major issue with the wiki -
>although it is configured to obfuscate e-mail addresses, it only does so
>when displaying the latest revision of a page.  Older revisions and page
>source appear with the e-mail addresses intact, ready to be grabbed by a
>"spambot".  I think that we'll need to either fix it in the code (or is
>there a configuration setting I have missed?) or obfuscate e-mail
>addresses manually.  The latter will be of little help for the addresses
>already entered into the wiki as they will remain in the old revisions.

Well, there's maybe a dozen in there and Lord knows the Mandriva
security contact gets more spam than I care to admit.  Those addresses
are pretty public to begin with, so we should either figure out how to
obfuscate the old revisions or do it manually.  I think the dozen or so
addresses that would show up in the old revisions shouldn't be a big
deal (provided we figure/implement something now before it really starts
to get populated).

>> ... set up a redirect on
>> http://oss-security.openwall.org/ so that you get bumped to /wiki/
>> instead of seeing an apache directory listing.
>
>Done.  I've made this a temporary redirect (code 302) such that we can
>replace it with a static page later on (with links to the wiki and to
>non-wiki content that we might add).

Oh good, thanks.

>> Feel free to start adding content.  I think the structure is ok enough
>> to start with, we'll see how it goes from there.  It's pretty
>> straight-forward and should be easy enough to add to (I just added a few
>> links, some pages, etc. but every vendor should be adding their own info
>> there), and others can add content, etc.
>
>Yes.  I think that some of the content to add would be list charter for
>oss-security (Josh?) and official(?) or primary description of
>vendor-sec.  For the latter, we can take the text from the recently
>created Wikipedia page - http://en.wikipedia.org/wiki/Vendor-sec - then
>have the Wikipedia page backed by the already-public info on our wiki.

These sound like good ideas to me.  Particularly the bit on vendor-sec.
I think for this to become effective, we need to expose it more and at
the same time we can expose vendor-sec a little bit more too.

>> I've also registered #oss-security on Freenode for chatting.
>
>Thanks!  I am a little bit concerned that having an IRC channel might
>result in us having less "permanent" content (on this list and on the
>wiki) as questions will be asked and answered on IRC instead...

You'll always have a smaller subset of people on IRC than on the list
(i.e. right now it's just Josh and I).  I don't think it will replace
the list, but supplement it.  I know for Mandriva, it's good to discuss
things on IRC but more often than not a summary of sorts is sent to the
pertinent ml to let the others (who aren't on IRC, or aren't there at a
particular time, etc.) know what's going on, or what has been discussed,
etc.

I think a medium like IRC is invaluable for "rapid-response" or
brainstorming.  There's nothing to stop a summation of discussion from
going back to the list for further discussion, but it's really useful
for discussing things to get a quick(er) resolution in some cases.  Or
even just bouncing ideas around.

-- 
Vincent Danen @ http://linsec.ca/
