Full Disclosure mailing list archives

Re: Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released)


From: Ryan Sears <rdsears () mtu edu>
Date: Tue, 12 Apr 2011 16:19:49 -0400 (EDT)

Yeah, I second that. 

Where do you draw the line if you do start making up rules like that? What about a vulnerability like path-disclosure 
or insufficient anti-automation? Granted they're not huge bugs, but they ARE bugs. 

There's crap I don't want to read on this list, but that's a decision I have to make. Granted the INSECT Pro minor 
releases are a bit annoying, but no more than cal sending porn to the list. 

It's whatever, un-moderated means exactly that. No-one can tell anyone else what to release/write. Period. 

Ryan

----- Original Message -----
From: "rancor" <therancor () gmail com>
To: "Steve Pinkham" <steve.pinkham () gmail com>
Cc: full-disclosure () lists grok org uk
Sent: Tuesday, April 12, 2011 3:50:59 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released)

What to do about it? It's not moderated?

Just ignore stuff and use the often used key called delete. Simple as that
=)

// rancor
Den 12 apr 2011 21.16 skrev "Steve Pinkham" <steve.pinkham () gmail com>:
On 04/12/2011 09:04 AM, phil wrote:
Just keep that simple, the post hit the non-acceptable content.

"Gratuitous advertisement, product placement, or self-promotion is
forbidden."



My opinion, but if the product could be free, like it was, then I don't
mind seeing those kind of post, but for anything commercial FD is not
there for that.


I agree, but think that intuition should be inscribed in more precise
language.

That whole sentence starts out with "Gratuitous", which to me seems to
be unclear to both native and non-native speakers alike. IMHO it's just
too easy to justify to yourself that what you are doing does not
violate the wording of the charter, and therefore I think the charter should
be more explicit.

When would it be OK (non-gratuitous) to mention a tool? When it comes
with a new vulnerability class? When it was used to find a particular
flaw? When it shows a novel way of finding flaws of a particular class?
When the tool is Open Source, such that the tool is an embodiment of
knowledge being shared?

This whole issue with INSECT Pro shows a lack of consensus on what
advertisement means, and what kicked it off was a disagreement about
what the definition of a "free" product is.

I'm coming around to the idea that the rules should be based on
knowledge transfer. My intuition is that only projects with OSI
approved licenses should be allowed (as Tim argued), unless you are
releasing a tool of any sort along with a new class of vulnerability.
Also, announcements of more than 1 per six months should be forbidden
for any project. This would serve as a sort of default deny rule to
keep the most annoying types of announcements at bay.

Any other thoughts?

The other possibility is that the current wording is sufficient as a simple
"Don't be a dick" kind of rule, and more specific rules would be lost on
those who have no problem with being a dick. I would argue that more
guidance in the charter on this issue might be worthwhile for the
majority of people who do not in fact want to break Wheaton's law.



-phil

--
| Steven Pinkham, Security Consultant |
| http://www.mavensecurity.com |
| GPG public key ID CD31CAFB |


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
