Full Disclosure mailing list archives
Re: Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released)
From: Ryan Sears <rdsears () mtu edu>
Date: Tue, 12 Apr 2011 16:19:49 -0400 (EDT)
Yeah, I second that. Where do you draw the line if you do start making up rules like that? What about a vulnerability like path-disclosure or insufficient anti-automation? Granted they're not huge bugs, but they ARE bugs. There's crap I don't want to read on this list, but that's a decision I have to make. Granted the INSECT Pro minor releases are a bit annoying, but no more than cal sending porn to the list. It's whatever, un-moderated means exactly that. No-one can tell anyone else what to release/write. Period.

Ryan

----- Original Message -----
From: "rancor" <therancor () gmail com>
To: "Steve Pinkham" <steve.pinkham () gmail com>
Cc: full-disclosure () lists grok org uk
Sent: Tuesday, April 12, 2011 3:50:59 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released)

What to do about it? It's not moderated? Just ignore stuff and use the often used key called delete. Simple as that =)

// rancor

On 12 Apr 2011 21.16, "Steve Pinkham" <steve.pinkham () gmail com> wrote:
On 04/12/2011 09:04 AM, phil wrote:
> Just keep that simple, the post hit the non acceptable content.
> "Gratuitous advertisement, product placement, or self-promotion is forbidden."
> My opinion, but if the product could be free, like it was, then I don't mind seeing those kind of post, but for anything commercial FD is not there for that.

I agree, but think that intuition should be inscribed in more precise language. That whole sentence starts out with "Gratuitous", which to me seems to be unclear to both native and non-native speakers alike. IMHO It's just too easy to justify to yourself that what you are doing does not violate the wording of the charter, and therefore I think the charter should be more explicit.

When would it be OK (non-gratuitous) to mention a tool? When it comes with a new vulnerability class? When it was used to find a particular flaw? When it shows a novel way of finding flaws of a particular class? When the tool is Open Source, such that the tool is an embodiment of knowledge being shared?

This whole issue with INSECT Pro shows a lack of consensus on what advertisement means, and what kicked it off was a disagreement about what the definition of a "free" product is.

I'm coming around to the idea that the rules should be based on knowledge transfer. My intuition is that only projects with OSI approved licenses should be allowed (as Tim argued), unless you are releasing a tool of any sort along with a new class of vulnerability. Also, announcements of more than 1 per six months should be forbidden for any project. This would serve as a sort of default deny rule to keep the most annoying types of announcements at bay.

Any other thoughts? The other possibility is the current wording is sufficient as a simple "Don't be a dick" kind of rule, and more specific rules would be lost on those who have no problem with being a dick. I would argue that more guidance in the charter on this issue might be worthwhile for the majority of people who do not in fact want to break Wheaton's law.

> -phil

--
| Steven Pinkham, Security Consultant |
| http://www.mavensecurity.com |
| GPG public key ID CD31CAFB |
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released) Steven Pinkham (Apr 12)
- Re: Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released) phil (Apr 12)
- Re: Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released) Steve Pinkham (Apr 12)
- Re: Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released) Christopher Truncer (Apr 12)
- Re: Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released) Tim (Apr 12)
- Re: Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released) Raj Mathur (राज माथुर) (Apr 12)
- <Possible follow-ups>
- Re: Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released) Ryan Sears (Apr 12)
- Re: Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released) Michal Zalewski (Apr 12)
- Re: Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released) Pete Smith (Apr 12)
- Re: Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released) Michal Zalewski (Apr 12)
- Re: Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released) phil (Apr 12)