Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 26 Sep 2018 10:39:00 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: bounties

On Tue, Sep 25, 2018 at 06:55:16PM -0700, Justin Ferguson wrote:
> Thus I am asking in a larger context about other peoples experiences
> with such things,

OK.  You already did that, and people are free to share their experience
(if on-topic for this list).  You also shared your experience (which
happens to be only partially on-topic for this list).  As a moderator, I
think that's enough contribution from you to this thread.

> and while I would agree that this subject matter is
> not particularly on-topic for the list, I would think that there
> effectively are not unmoderated lists, no place to really ask this
> question in a substantial manner despite the importance of it, and of
> crowd-sourcing other peoples experiences would be concerning to an
> industry as a whole.

While I also regret that there's no longer an unmoderated
full-disclosure list, I understand why there is not.  Besides needing to
filter out all the automated spam (which already makes the list
technically moderated), all sorts of semi-on-topic crap ends up being
posted to truly unmoderated lists like that - personal attacks, doxing
(and when you ask for removal of that content from archives later, you
sort of engage in moderation too), conspiracy theories and dubious facts
(and good luck figuring out what's real and what's not), etc.  That
said, you may host a new list like that, and I'd be happy to be able to
redirect discussions that are unsuitable in here to there.

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.