oss-sec mailing list archives
Re: announcing oCERT & oss-security to Bugtraq & f-d
From: Vincent Danen <vdanen () linsec ca>
Date: Fri, 4 Apr 2008 23:06:41 -0600
* [2008-04-05 01:08:58 +0400] Solar Designer wrote:
Josh, Vincent, Jonathan - thank you for commenting on this so promptly! Andrea - it appears that the oCERT announcement should be separate, then. Please go ahead with it, and feel free to mention oss-security in passing as a group that oCERT intends to work with, as Vincent suggested. I'm not sure if it's appropriate to include a link to the oss-security wiki; I would do it, but Vincent suggested that we make "the intelligent" use Google instead (and not invite the rest to our wiki just yet).
I think at this point, just mentioning it should suffice until we figure out the basics (unless Andrea waits until next week and we have a consensus in place).
Vincent Danen wrote: | I don't have a problem with it being announced at the same time, but I | do think that one day is pretty short notice to draft a decent | announcement (i.e. something that won't result in a "why do we need | another ml like fd or bugtraq" barrage of postings),Good point, and I am sorry for the short notice. To me, this was expected, but I failed to notify the oss-security group of this possibility earlier. I did not expect that the press would pick oCERT up before the Bugtraq & f-d announcement, though - and this is now a reason for not delaying the announcement anymore.
No, not for oCERT, for sure. But I think I'd like to see some of the ground-rules laid out first, now, before we have to re-think or change things later (in terms of basics), and end up ticking people off.
| because we need to | figure out the best way to do this so we don't get people like "n3td3v" | coming to the list.Maybe it's OK if they come to the list, but are unable to post - or get kicked out.
I think maybe a moderated subscription, and unmoderated postings (for members, moderated non-subscriber postings mandatory) would be a good way to do it.
On Fri, Apr 04, 2008 at 12:08:07PM -0800, Jonathan Smith wrote:I've got to agree with Vincent here. We didn't have much heads-up about this. Having folks on-list who shouldn't be was my main concern with oss-security to begin with, and posting the list to the masses (at this point in time) isn't going to make that easier. That being said, we need to figure that out before oss-security can be useful to a broader range of people and projects.OK, can we please start figuring this out, then? Once there's consensus or an obviously prevailing opinion in this group, Openwall is going to re-configure the list as it will be agreed upon, and everyone can edit the wiki to reflect that. Then we'll be ready for a "big announcement", right? Or do we want to work on the wiki content more first? Or maybe tighten up the wiki settings?
I think the wiki content is ok... we could delay this for months just getting the wiki content straightened out and flushed out. I don't think we want to do that. Tightening up who can edit the wiki is a good idea tho.
Let's just not leave things undefined and non-announced forever. If oss-security is successful, and it appears that it is, it will become known anyway - but possibly with more confusion around it if we don't announce it ourselves.
I agree.
| I think we should activate membership moderation before we make a big | public announcement for exactly this reason. Which is why we need more | than one day... this needs to be discussed amongst members and needs to | be noted in the announcement (to keep the idiots from trying to | subscribe and then us having to punt a bunch of them after the fact). Yep. But, I still think we should allow read-only memberships without moderation. Having to read oss-security through rss or a web interface would be frustrating.I agree with Jonathan on this. As to whether to enable message pre-moderation for list members before the announcement or only when we really have to, I am not sure. I'll let others decide.
No, I don't think we need to moderate member postings. I think we should do it this way: - members can post at will - subscribers are read-only [1] - non-members have posts moderated - membership is moderated [1] the distinction between member and subscriber is a member being someone who can post, and a subscriber is someone who gets it read-only -- Vincent Danen @ http://linsec.ca/
Attachment:
_bin
Description:
Current thread:
- Re: group announcement, (continued)
- Re: group announcement Josh Bressers (May 04)
- Re: group announcement Jim Meyering (May 05)
- Re: group announcement Solar Designer (May 12)
- Re: list: members vs. read-only subscribers Josh Bressers (Apr 23)
- Re: list: members vs. read-only subscribers Vincent Danen (Apr 09)
- Re: announcing oCERT & oss-security to Bugtraq & f-d Solar Designer (Apr 08)
- Re: announcing oCERT & oss-security to Bugtraq & f-d Andrea Barisani (Apr 08)
- Re: announcing oCERT & oss-security to Bugtraq & f-d Josh Bressers (Apr 08)
- Re: announcing oCERT & oss-security to Bugtraq & f-d Andrea Barisani (Apr 08)
- Re: announcing oCERT & oss-security to Bugtraq & f-d Solar Designer (Apr 08)
- Re: Re: "who shouldn't be on-list" Jonathan Smith (Apr 04)
- Re: Re: "who shouldn't be on-list" Vincent Danen (Apr 04)