Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170624155549.GA31293@openwall.com>
Date: Sat, 24 Jun 2017 17:55:49 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Shawn <citypw@...il.com>
Subject: Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method

Shawn,

I really don't appreciate you CC'ing kernel-hardening on this.  As I
wrote to you in the rejection message for that copy of your message:

"It's sufficient that we have this crap on oss-security.  Let's not spam
kernel-hardening with it as well.  Let's have it on just one list, and
it just so happens it started on oss-security this one time.  As a
moderator, I fully expect I'll have to shut down this thread soon anyway."

I also had to switch kernel-hardening to full message pre-moderation
because of your CC.  Hopefully temporarily again.  Last time I did this
(recently), and had since undone it (re-enabling the whitelist until
today), was because of what I'll call an "anti-grsecurity crap" thread.

Why pre-moderate even for previously whitelisted senders?  Because they
might be replying to this thread that you attempted to CC to
kernel-hardening, without them realizing that your initial message was
not approved there.  This is a general problem with CC's to moderated
lists, and why I ask that all of us please use CC's sparingly.

I don't like censorship, but I also want these mailing lists to remain
usable for their primary intended purposes for all of us.  This is why
we generally don't reject individual messages in these discussion
threads until eventually having to shut down the threads.  So all sides
have an equal opportunity to speak.

FWIW, my own opinion on the actual matters raised in these threads is
nuanced.  I'm not with either side.  I guess this makes it easier for me
to stay neutral as a moderator.

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.