Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 25 Mar 2010 16:15:07 +0100
From: Matthias Andree <matthias.andree@....de>
To: oss-security@...ts.openwall.com
Subject: Re: CFPs and con invitations on the list

Am 25.03.2010 15:24, schrieb Josh Bressers:
[...]
> I think those headers bring up a good point. This is comparable to the old
> days of cross posting to lots of gropus on usenet (for you young folks, it
> was frowned upon). Perhaps we encourage messages DIRECTED at oss-security,
> rather than shotgun announcements.

Which will then be disassembled into a series of mail-merged individual
invitations (aka. multi-posting, which was worse than cross-posting)?  If that
would happen, I'd object.  I also object to "badly cross-posted" invitations.

> 4) Approve posts from list memebers who've been on the list for > 1 month.
>     (I suspect this is the best solution)

A "List member[...]" might be a lurker, might be an occasional contributor, or a
regular contributor.  As a pointed question: Would you allow spammers to dump
their UCE here if they only were subscribers for four weeks?

More seriously, what relevance has the duration of a subscription?  My answer
is: none whatsoever.  There simply isn't any merit in being subscribed alone.
I find that this criterion, while objective, says nothing about contributions of
the subscriber to the list, and is therefore not useful.

I acknowledge that finding objective criteria is hard, but #4 is IMO just a very
bad loophole.

FWIW, I'm getting spamvertisements for conferences directed at me personally,
and I find that offensive and it should be a reason to prohibit the conference
altogether, so as to have a real incentive not to spam.

At the very least, conference advertisements, if allowed in moderation, should
be tagged so that people can automatically filter them. Filter instructions
could then be on the list's accompanying homepage.

-- 
Matthias Andree

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.