Re: [OT] FD mailing list died. Time for new one

[gremlin () gremlin ru]

On 19-Mar-2014 09:33:58 -0700, Dean Pierce wrote:

> Hosting? That's what the cloud is for.

Not for any sensitive data. And vulnerability descriptions are very
sensitive...

> I have no idea who runs
> https://groups.google.com/group/FullDisclosure
> but they seem modeled after original fd charter.

Modelling a charter is easy... But I bet they'll fail on gathering
all previous FD members.

> I trust Google as a neutral third party more than I would trust
> most security researchers.

Bwa-ha-ha-ha-ha...

Behind that party which you possibly may trust, there's a B.B.,
which is even worse than a Big Brother - as it's a Big Business.

When a Big Business faces something, it asks itself two questions:
0. Could it cause any loss?
1. Could it bring any profit?

Suppose someone posts a zero-day vulnerability on the list which
affects the BB; do you really think it wouldn't be censored out?

No doubt, it will - otherwise that will Cause a Loss, and that's
inacceptable for BB.

Also, several days before FD shutdown there was a long thread
related to some vulnerabilities in Google services... Although
John Cartwright didn't name anyone, I can't be sure these two
events are unrelated.

> They already host all the old newsgroup archives. It's also
> free, easily consumable, and most importantly, babysat for
> security issues in a way that even a team of skilled volunteers
> would have a hard time pulling off.

I'd prefer participating on the list hosted by some party which
isn't directly affected by list postings - say, some ISP.


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net