Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 30 Aug 2012 19:04:35 +0400
From: Solar Designer <>
Subject: Re: Stripe Capture the Flag


Thank you all for the feedback on this sort of postings.  Besides the
feedback we've seen in here, I also got two off-list replies, both from
active list members (who wanted to keep the number of postings in this
thread down, hence did not post to the list):

One person suggested that CTF announcements be approved selectively -
most CTF announcements rejected (especially those requiring physical
presence and scheduled for a specific time, since few people are
able to participate in those), but some interesting ones accepted
(especially online infosec games available to play any time).

The other person felt strongly that all of them should be rejected, so
that we have a high-quality discussion list.

(The above is my interpretation of the responses.  I am not posting them
verbatim as I'd need to ask permission first, which I am too lazy to do.)

On Fri, Aug 24, 2012 at 08:29:10AM +0200, Filip Palian wrote:
> As many may think, it's not cve-designation list only (obviously I
> may be wrong about that).

This list is definitely not meant to be limited to CVE assignments.
I'd like to see more discussion in here - preferably of specific
technical issues rather than of policies and such (thus, I'd like this
message I am posting now to be more of an exception than the rule).

> In the other hand, it would be sad to see oss-security list turning
> into the place, where people are writing walktroughs, spoilers and
> asks for help (which IMHO would be unavoidable).
> Filtering all the garbage could be overhelming for moderators.

Well, we're not receiving any of these so far, and in fact let me dare
to post this link:

which in turn includes links to several writeups / walk-throughs for
Stripe CTF.  Warning: those who want to play the CTF for real should
avoid visiting those links prematurely.

> Maybe you will consider launching a dedicated list for CTFs only?

I'm not seeing enough demand for this.  Besides, doesn't such a list
already exist?  I must admit I'm not aware of one.  Perhaps not only for
CTFs, but also for other "similar" stuff we're rejecting: conference and
(e-)magazine CFPs, (e-)magazine issue announcements, repeated security
tool announcements (new versions).  It'd have to be limited to those
"weird" topics only, and exclude postings that would be on topic for
oss-security and other lists. %-)  (Excluding other topics would be
difficult as any posting may result in discussion that would include
postings on-topic for another list.  A (bad) solution could be to keep
that list announcement-only, rejecting any follow-ups.)  Would anyone
want to be on that list?  What could it be called?


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.