oss-sec mailing list archives
Re: wiki
From: Vincent Danen <vdanen () linsec ca>
Date: Tue, 19 Feb 2008 10:06:33 -0700
* [2008-02-18 22:16:53 +0300] Solar Designer wrote:
>> Also, I've noticed what I think is a major issue with the wiki - although it is configured to obfuscate e-mail addresses, it only does so when displaying the latest revision of a page. Older revisions and page source appear with the e-mail addresses intact, ready to be grabbed by a "spambot".
> It turned out that the older revisions were also subject to automated e-mail address obfuscation, and the reason I got confused was that I was looking specifically at the welcome page where you did not enter this list's address in the DokuWiki-supported format right away. And it only obfuscates e-mail addresses it recognizes - not anything with an @-sign. So we need to be very careful about this - e-mail addresses must be entered as <user () example org> - with the angle brackets.
> Anyway, I went ahead and corrected this in the old revisions for the welcome page (using VIM on files in the attic) - I hope you don't mind.
Nope, I don't mind. That was before I was looking at the DokuWiki syntax, I'm sure.
> As to page source, I've disabled the view source / export raw feature. Of course, logged in users with page editing rights can view the source with non-obfuscated e-mail addresses anyway, but let's hope "spambots" are not that good yet - and at a later time we might want to (or have to) revoke page editing rights for new user accounts anyway.
That's a good idea. I don't know if DokuWiki supports moderated membership, but if it does, we should keep that in mind and possibly enable that in the future to prevent things like spambots or others from hijacking pages.
>>> ... I think that some of the content to add would be list charter for oss-security (Josh?) and official(?) or primary description of vendor-sec. For the latter, we can take the text from the recently created Wikipedia page - http://en.wikipedia.org/wiki/Vendor-sec - then have the Wikipedia page backed by the already-public info on our wiki.
>> These sound like good ideas to me. Particularly the bit on vendor-sec.
> OK, so who is to create the page on vendor-sec? It'd be great if the same people who edited the Wikipedia page would do it, but Steve Kemp did not join us on this list - and I can't force people to join... OK, maybe I can ask him about that.
I believe he's joined, although I didn't see a page about vendor-sec yet.
>> I think for this to become effective, we need to expose it more
> We'll definitely expose the oss-security wiki. I am going to mention it in one of Openwall news items and in an announcement list posting.
I've mentioned it on my personal blog and will probably send a notice to the Mandriva security-discuss mailing list to let our users know about it as well.
>> and at the same time we can expose vendor-sec a little bit more too.
> Yes, this is what will happen, and it appears that vendor-sec members are either for greater exposure or feel neutral about it.
That's good to hear (I didn't think anyone would be against it and neutral is ok).
--
Vincent Danen @ http://linsec.ca/