Full Disclosure mailing list archives
RE: requires full discussion of political and legal aspects of security
From: cnupt42 () eml cc
Date: Sat, 19 Apr 2003 11:38:46 -0800
yes i'm making a political statement by just joining this list... the good thing is there's no repercussions, as with theo and dod.

On Sat, 19 Apr 2003 08:25:02 -1000, "Jason Coombs" <jasonc () science org> said:
Matthew Murphy wrote:

These kind of discussions, while interesting to some list members, are not why I subscribe to this list. The list's purpose is for discussion of security issues -- Theo de Raadt's poor cry baby routine is not a security issue. Please keep off-topic discussions like this to a minimum, as they will destroy this list. List subscribers, many of whom are looking for actual vulnerability details (and not discussion of world ideals), will begin to leave in droves if posters do not learn to show basic restraint. If it isn't a security issue, don't post it. Period. I will adopt this policy from this post forward, and I encourage others to do the same.

As somebody who has conspicuously and intentionally pushed for more political discussion on this list, I must say first that I disagree completely and second that I have no intention of withholding political discussions from this list so you'll either have to tolerate (or filter) me, or lobby Len to block my postings if they really offend you.

Geek crypto tech cipherpunk penetration and vulnerability discussions without political and legal context encourage and foster gross misunderstanding of reality and place those who engage in security and cryptography research at risk of unreasonable prosecution and persecution beyond socially acceptable and beneficial self-regulation.

You've already made a political statement by joining this list: you reject the politics of partial-disclosure or no disclosure on the grounds that you and those who rely on you for expertise are best served when everyone receives full and timely disclosure of vulnerability details. You are implicitly insisting that forces of oppression that curtail disclosure and discussion do far more harm than good.

I reject your implication, and the implication of others on this list who have communicated as much to me in the past, that political and legal discussions pertaining to security are harmful to the list's well-being and focus.
You've probably noticed that with a couple exceptions we all know better than to engage in flame wars, especially over a non-technical political or legal matter. This self-regulation is working, and the tone and scope of discussion on this list coupled with the lack of restrictive moderation makes it superior to bugtraq and others.

The most compelling reason to support thoughtful and well-informed political and legal discussions rather than cast hate upon them as having nothing to do with the topic of security is that we who support full disclosure are wise, patriotic, law-abiding realists whose understanding of the technical subject matter combined with our experience in the real world convince us beyond any doubt that only the self-interested minority of power and money elite benefit from suppressing full disclosure -- and we recognize, being realists, that every disclosure made without the full support of the self-interested minority places those responsible at risk.

You cannot seriously sit on the sidelines of this list, exposing yourself to (nearly) zero risk (*), and benefit from the hard work being done and hard risks being taken by others, while simultaneously proclaiming that discussion of the political and legal risks being taken by those who do the work that benefits you is somehow off-topic.

In the good 'ol days there used to be an explicit requirement for contributions from every member who benefits from the risks being taken by others. Either you contributed, and thus took some risk yourself, or you were not entitled to benefit from the risk-taking of others. We've moved beyond that point now, and realize that it would be wrong to withhold the benefits from anyone: this is the essence of full disclosure.

But don't tell me this list is not political. If it's just bugtraq without Dave Ahmad then I need to unsubscribe.
Sincerely,

Jason Coombs
jasonc () science org

(*) During World War II, the Nazis apparently used telephone company records to find out who called who. Whenever they hauled a family off to a gas chamber, they were sure to check that family's telephone records to determine who else they needed to haul off to the gas chamber also. Therefore, simply subscribing to this list with an e-mail address that is traceable to your real identity places you at risk whether you choose to believe it or not. Anyone who fails to understand the full scope of information security risk, inclusive of its sometimes-subtle and sometimes-dangerous political and legal aspects, fails to understand both history and human nature.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html