Full Disclosure mailing list archives
Re: BugTraq Speed
From: Raj Mathur <raju () linux-delhi org>
Date: Fri, 26 Sep 2003 00:41:45 +0530
Dave Ahmad picked up on my post and responded privately. He doesn't have any objections to my forwarding his messages to FD, hence forwarding without prejudice.

-- Raju
--
Raj Mathur raju () kandalaya org http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
All your domain are belong to us.
It is the mind that moves

[Message from Dave Ahmad]

Return-Path: <da () securityfocus com>
In-Reply-To: <16242.22041.486674.791277 () mail linux-delhi org>
Message-ID: <Pine.LNX.4.58.0309250950310.22182 () mail securityfocus com>
References: <28915501A44DBA4587FE1019D675F983093D79 () grfint intern adiscon com>
    <3F71F6C4.1060708 () dylanic de>
    <16242.22041.486674.791277 () mail linux-delhi org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
From: Dave Ahmad <da () securityfocus com>
To: Raj Mathur <raju () linux-delhi org>
Subject: Re: [Full-disclosure] BugTraq Speed
Date: Thu, 25 Sep 2003 10:19:31 -0600 (MDT)

Raj,

I appreciate you being the voice of reason. I can offer you a simple explanation, off-list.

Bugtraq is a moderated list, Full-Disclosure is not. Of course Full-Disclosure is going to be faster. It takes me some time to read through all of the submissions to Bugtraq and decide which ones are to be on the list. Unfortunately, Bugtraq is not my only responsibility here. I have to balance trying to moderate as quickly as possible with managing my team and maintaining/supporting some of the products here which depend on the vulnerability database. Despite all of this, I believe, Bugtraq is consistently faster than the other moderated lists.

There's no conspiracy to withhold messages while our customers get priority. That is absurd, all one has to do is monitor the list during regular business hours. For example, the FreeBSD advisory mentioned by Rainer: I approved it as soon as I was at my desk, before 9AM here. It hit my mail spool about 30 minutes later (50,000 users on the list means 50,000 SMTP transactions -- there's some latency in delivery, though we try to improve performance by using QMQP with concurrent outgoing servers). During the day I approve messages as they arrive.

Once in a while messages slip. It happens. I have hundreds of messages in the queue. Sometimes a single message is surrounded by OOTO replies, A/V bounces, spam, virus/worm mails, etc, and I don't see it until I review the queue when I have time.

Follow-up messages sometimes take a little longer because there are so many of them, many of which say the same things. To keep the noise down, I read over them all and select the best messages for approval. It takes me hours of my time both at work and outside of the office.

I'm not asking that anyone take my word for it. The Bugtraq delivery times are available to anyone on the list. With all of the speculation I'm surprised nobody has actually put in the effort to try and prove we are withholding information. I assure you that any such investigation would show that the pattern of message approval is not consistent with us withholding the precious zero-day of the community. There's not really any commercial advantage anyways, since there are so many lists now and much of what goes to Bugtraq is sent everywhere else as well. Most importantly, it's simply not ethical and I would have no part in doing that. But again, don't take my word for it.

Thanks again.

[Personal stuff snipped -- Raju]

David Mirza Ahmad
Symantec
PGP: 0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
--
The battle for the past is for the future.
We must be the winners of the memory war.

Uh, has anyone bothered asking DMA the reason for the delay? You may not get any reasonable explanation, but at least give the man a chance to defend himself before condemning him.

-- Raju
--
Raj Mathur raju () kandalaya org http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
All your domain are belong to us.
It is the mind that moves
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html