Date: Fri, 4 Apr 2008 23:12:33 -0600 From: Vincent Danen <vdanen@...sec.ca> To: oss-security@...ts.openwall.com Subject: Re: Re: "who shouldn't be on-list" * [2008-04-04 13:46:11 -0800] Jonathan Smith wrote: > security curmudgeon wrote: > | As a new subscriber who did not see specific mention of the desired list > | population, could you clarify who you feel the list is for, or who should > | not be on it? > > As I see it, the list is for members of the open-source community. Thus, > to be admitted to the list, you either have to demonstrate that you're a > developer of a (at least marginally notable) open source project, that > you're a vendor who redistributes oss, or that you're a security > researcher who audits or otherwise interacts with oss. > > This is, of course, only my opinion and may not reflect the rest of the > group's ideas. I think this is a good definition. Bottom-line would be that this isn't a list for end-users. End-users or sysadmins, whatever, could be read-only subscribers... heck, that's no different than reading web archives. But to be a "member" of the list, with posting priveleges, I think you need to be someone who can demonstrate an active role with some OSS -- this does not mean you need to be on a vendor security team, or the apache/samba/whatever security contact. You could be a grunt developer who has an interest in security-related stuff (perhaps good programming techniques, etc.) and as long as you're a member or developer of some OSS with a reasonable exposure, then I think you can have a voice on the list if you like. Honestly, I think a lot of people will be lurkers... so for them they never need to progress beyond read-only subscriber. It's the people who are interested in security (be it re-active or pro-active) that will want to be "members" of the list. Now, having said that, I think the ml subscription can be a lot more open than wiki editing rights (which is a whole different ball of wax). -- Vincent Danen @ http://linsec.ca/ Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.