Date: Fri, 04 Apr 2008 12:08:07 -0800 From: Jonathan Smith <smithj@...ethemallocs.com> To: Vincent Danen <vdanen@...sec.ca> CC: Josh Bressers <bressers@...hat.com>, Solar Designer <solar@...nwall.com>, Andrea Barisani <andrea@...ersepath.com>, oss-security@...ts.openwall.com Subject: Re: announcing oCERT & oss-security to Bugtraq & f-d -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vincent Danen wrote: | * [2008-04-04 15:35:53 -0400] Josh Bressers wrote: |>> Andrea Barisani wrote: |>> > |>> > Do you think you could make that announcement soon? Press is |>> already covering |>> > oCERT, so it makes little sense delaying f-d + bugtraq that much, |>> if you |>> > think it's going to be delayed by days then maybe we can announce |>> separate. |>> |>> I think that it's best to not delay our joint announcement. |>> |>> Josh, Vincent, Jonathan - what do you think? |>> |> |> I'm not comfortable with the current timeline for this. One day is not |> enough time to draft a proper announcement. |> |> Again though, this question belongs on the list, not here. | | [snip] | | I don't have a problem with it being announced at the same time, but I | do think that one day is pretty short notice to draft a decent | announcement (i.e. something that won't result in a "why do we need | another ml like fd or bugtraq" barrage of postings), because we need to | figure out the best way to do this so we don't get people like "n3td3v" | coming to the list. I've got to agree with Vincent here. We didn't have much heads-up about this. Having folks on-list who shouldn't be was my main concern with oss-security to begin with, and posting the list to the masses (at this point in time) isn't going to make that easier. That being said, we need to figure that out before oss-security can be useful to a broader range of people and projects. |> I'm also quite happy with the rather slow growth we're currently |> seeing on |> the mailing list. We need a solid base before we can handle what will be |> explosive list growth from a big public announcement. | | I think we should activate membership moderation before we make a big | public announcement for exactly this reason. Which is why we need more | than one day... this needs to be discussed amongst members and needs to | be noted in the announcement (to keep the idiots from trying to | subscribe and then us having to punt a bunch of them after the fact). Yep. But, I still think we should allow read-only memberships without moderation. Having to read oss-security through rss or a web interface would be frustrating. |> Additionally, this discussion belongs on the oss-security list, not |> between |> the current CC list. It's a public group run by the members. | | This I do agree with. Indeed. I'm CCing oss-security with this email. smithj -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkf2iqYACgkQCG91qXPaRembWQCgqOLVlp621ycKIApI5t9CSLPT 43EAoKaXEQuQvtVb0LCc1T6fzPSe6CT5 =CYpo -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.