Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 04 Apr 2008 12:08:07 -0800
From: Jonathan Smith <>
To: Vincent Danen <>
CC: Josh Bressers <>, 
 Solar Designer <>,
 Andrea Barisani <>,
Subject: Re: announcing oCERT & oss-security to Bugtraq & f-d

Hash: SHA1

Vincent Danen wrote:
| * [2008-04-04 15:35:53 -0400] Josh Bressers wrote:
|>> Andrea Barisani wrote:
|>> >
|>> > Do you think you could make that announcement soon? Press is
|>> already covering
|>> > oCERT, so it makes little sense delaying f-d + bugtraq that much,
|>> if you
|>> > think it's going to be delayed by days then maybe we can announce
|>> separate.
|>> I think that it's best to not delay our joint announcement.
|>> Josh, Vincent, Jonathan - what do you think?
|> I'm not comfortable with the current timeline for this.  One day is not
|> enough time to draft a proper announcement.
|> Again though, this question belongs on the list, not here.
| [snip]
| I don't have a problem with it being announced at the same time, but I
| do think that one day is pretty short notice to draft a decent
| announcement (i.e. something that won't result in a "why do we need
| another ml like fd or bugtraq" barrage of postings), because we need to
| figure out the best way to do this so we don't get people like "n3td3v"
| coming to the list.

I've got to agree with Vincent here. We didn't have much heads-up about
this. Having folks on-list who shouldn't be was my main concern with
oss-security to begin with, and posting the list to the masses (at this
point in time) isn't going to make that easier.

That being said, we need to figure that out before oss-security can be
useful to a broader range of people and projects.

|> I'm also quite happy with the rather slow growth we're currently
|> seeing on
|> the mailing list.  We need a solid base before we can handle what will be
|> explosive list growth from a big public announcement.
| I think we should activate membership moderation before we make a big
| public announcement for exactly this reason.  Which is why we need more
| than one day... this needs to be discussed amongst members and needs to
| be noted in the announcement (to keep the idiots from trying to
| subscribe and then us having to punt a bunch of them after the fact).

Yep. But, I still think we should allow read-only memberships without
moderation. Having to read oss-security through rss or a web interface
would be frustrating.

|> Additionally, this discussion belongs on the oss-security list, not
|> between
|> the current CC list.  It's a public group run by the members.
| This I do agree with.

Indeed. I'm CCing oss-security with this email.


Version: GnuPG v2.0.9 (GNU/Linux)


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.