Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 19 Mar 2014 15:48:13 +0200
From: Georgi Guninski <guninski@...inski.com>
To: oss-security@...ts.openwall.com
Subject: Re: [OT] FD mailing list died. Time for new one

On Wed, Mar 19, 2014 at 05:31:30PM +0400, Solar Designer wrote:
> On Wed, Mar 19, 2014 at 02:58:23PM +0200, Georgi Guninski wrote:
> > Apologies for posting on list mainly dedicated to CVE's.
> 
> I guess you're (partially) kidding.  This list is not meant to be
> "mainly dedicated to CVE's", it just happened to be that way.  Other
> on-topic postings are very welcome, and I find postings about other
> related mailing lists (dis)appearing to be on topic, in part because it
> affects what topics we choose to discuss in here (and what topics to
> discuss in other places).
> 

lol. I was partially kidding and in addition have low
opinion of CVE.

> > The Full Disclosure mailing list died today:
> > http://lists.grok.org.uk/
> > http://seclists.org/fulldisclosure/2014/Mar/332
> > 
> > I suppose it is time for a new list.
> > 
> > Any ideas?
> 
> Arrigo Triulzi and I just had this conversation on Twitter:
> 
> <solardiz> Hosting unofficial Full-Disclosure archive http://lists.openwall.net/full-disclosure/ we received few message removal requests and no threats that I recall
> <@cynicalsecurity> @solardiz shall we reboot FD?
> <@solardiz> @cynicalsecurity Maybe, but I don't intend to be involved. I wasn't even subscribed except hosting this archive and sometimes looking at it.
> <@cynicalsecurity> @solardiz perhaps we need a different FD, without the automated security bulletins and the trolls. FD with kickbans?
> <@solardiz> @cynicalsecurity With "unmoderated" "full disclosure" list, it's tricky to draw the trolling vs. free speech line. I'll let others do it.
> <@cynicalsecurity> @solardiz yes, agreed.
> 
> So I think someone else should setup the new FD, somewhere.  Openwall
> might host an unofficial archive of it again (with no promises of it
> staying up), and that's it.
> 
> I just recalled another way in which I found FD useful: as a moderator
> for oss-security, I sometimes rejected off-topic yet not totally crappy
> postings with a comment suggesting that the person posts to FD instead.
> We won't be able to continue doing that.  In some cases (mostly for bugs
> in proprietary software) we'll be able to continue to redirect people to
> Bugtraq, but there are in fact not totally crappy postings that I think
> aren't appropriate for either oss-security or Bugtraq - e.g., someone
> wanted to conduct a research survey in the security community recently,
> and I redirected them to FD (I don't know if they posted, nor if their
> posting to FD was approved).  I felt that a posting like that would be
> "too crappy" for Bugtraq (although that sentiment is in part based on
> "the old Bugtraq" of 1990s), but OK given the overall low SNR on FD.
> 
> Alexander


If you ask me there should be no moderation/kickbans.
IMHO this isn't effective against alleged trolls.
Back in the time I was against banning n3td3v.

Maybe some sound daily quota is reasonable though.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.