Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 19 Mar 2014 17:31:30 +0400
From: Solar Designer <>
Subject: Re: [OT] FD mailing list died. Time for new one

On Wed, Mar 19, 2014 at 02:58:23PM +0200, Georgi Guninski wrote:
> Apologies for posting on list mainly dedicated to CVE's.

I guess you're (partially) kidding.  This list is not meant to be
"mainly dedicated to CVE's", it just happened to be that way.  Other
on-topic postings are very welcome, and I find postings about other
related mailing lists (dis)appearing to be on topic, in part because it
affects what topics we choose to discuss in here (and what topics to
discuss in other places).

> The Full Disclosure mailing list died today:
> I suppose it is time for a new list.
> Any ideas?

Arrigo Triulzi and I just had this conversation on Twitter:

<solardiz> Hosting unofficial Full-Disclosure archive we received few message removal requests and no threats that I recall
<@cynicalsecurity> @solardiz shall we reboot FD?
<@solardiz> @cynicalsecurity Maybe, but I don't intend to be involved. I wasn't even subscribed except hosting this archive and sometimes looking at it.
<@cynicalsecurity> @solardiz perhaps we need a different FD, without the automated security bulletins and the trolls. FD with kickbans?
<@solardiz> @cynicalsecurity With "unmoderated" "full disclosure" list, it's tricky to draw the trolling vs. free speech line. I'll let others do it.
<@cynicalsecurity> @solardiz yes, agreed.

So I think someone else should setup the new FD, somewhere.  Openwall
might host an unofficial archive of it again (with no promises of it
staying up), and that's it.

I just recalled another way in which I found FD useful: as a moderator
for oss-security, I sometimes rejected off-topic yet not totally crappy
postings with a comment suggesting that the person posts to FD instead.
We won't be able to continue doing that.  In some cases (mostly for bugs
in proprietary software) we'll be able to continue to redirect people to
Bugtraq, but there are in fact not totally crappy postings that I think
aren't appropriate for either oss-security or Bugtraq - e.g., someone
wanted to conduct a research survey in the security community recently,
and I redirected them to FD (I don't know if they posted, nor if their
posting to FD was approved).  I felt that a posting like that would be
"too crappy" for Bugtraq (although that sentiment is in part based on
"the old Bugtraq" of 1990s), but OK given the overall low SNR on FD.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.