RE: requires full discussion of political and legal aspects of security

[cnupt42 () eml cc]

yes i'm making a political statement by just joining this list...
the good thing is there's no repracations, as with theo and dod.




On Sat, 19 Apr 2003 08:25:02 -1000, "Jason Coombs" <jasonc () science org>
said:
> Matthew Murphy wrote:
> > These kind of discussions, while interesting to some list members, are not
> > why I subscribe to this list.  The list's purpose is for discussion of
> > security issues -- Theo de Raadt's poor cry baby routine is not a security
> > issue.  Please keep off-topic discussions like this to a minimum, as they
> > will destroy this list.  List subscribers, many of whom are looking for
> > actual vulnerability details (and not discussion of world ideals), will
> > begin to leave in droves if posters do not learn to show basic restraint.
> > If it isn't a security issue, don't post it.  Period.  I will adopt this
> > policy from this post forward, and I encourage others to do the same.
>
> As somebody who has conspicuously and intentionally pushed for more
> political
> discussion on this list, I must say first that I disagree completely and
> second that I have no intention of withholding political discussions from
> this
> list so you'll either have to tolerate (or filter) me, or lobby Len to
> block
> my postings if they really offend you.
>
> Geek crypto tech cipherpunk penetration and vulnerability discussions
> without
> political and legal context encourage and foster gross misunderstanding
> of
> reality and place those who engage in security and cryptography research
> at
> risk of unreasonable prosecution and persecution beyond socially
> acceptable
> and beneficial self-regulation.
>
> You've already made a political statement by joining this list: you
> reject the
> politics of partial-disclosure or no disclosure on the grounds that you
> and
> those who rely on you for expertise are best served when everyone
> receives
> full and timely disclosure of vulnerability details. You are implicitly
> insisting that forces of oppression that curtail disclosure and
> discussion do
> far more harm than good.
>
> I reject your implication, and the implication of others on this list who
> have
> communicated as much to me in the past, that political and legal
> discussions
> pertaining to security are harmful to the list's well-being and focus.
>
> You've probably noticed that with a couple exceptions we all know better
> than
> to engage in flame wars, especially over a non-technical political or
> legal
> matter. This self-regulation is working, and the tone and scope of
> discussion
> on this list coupled with the lack of restrictive moderation makes it
> superior
> to bugtraq and others.
>
> The most compelling reason to support thoughtful and well-informed
> political
> and legal discussions rather than cast hate upon them as having nothing
> to do
> with the topic of security is that we who support full disclosure are
> wise,
> patriotic, law-abiding realists whose understanding of the technical
> subject
> matter combined with our experience in the real world convince us beyond
> any
> doubt that only the self-interested minority of power and money elite
> benefit
> from suppressing full disclosure -- and we recognize, being realists,
> that
> every disclosure made without the full support of the self-interested
> minority
> places those responsible at risk.
>
> You cannot seriously sit on the sidelines of this list, exposing yourself
> to
> (nearly) zero risk (*), and benefit from the hard work being done and
> hard
> risks being taken by others, while simultaneously proclaiming that
> discussion
> of the political and legal risks being taken by those who do the work
> that
> benefits you is somehow off-topic.
>
> In the good 'ol days there used to be an explicit requirement for
> contributions from every member who benefits from the risks being taken
> by
> others. Either you contributed, and thus took some risk yourself, or you
> were
> not entitled to benefit from the risk-taking of others. We've moved
> beyond
> that point now, and realize that it would be wrong to withhold the
> benefits
> from anyone: this is the essence of full disclosure.
>
> But don't tell me this list is not political. If it's just bugtraq
> without
> Dave Ahmad then I need to unsubscribe.
>
> Sincerely,
>
> Jason Coombs
> jasonc () science org
>
> (*) During World War II, the Nazis apparently used telephone company
> records
> to find out who called who. Whenever they hauled a family off to a gas
> chamber, they were sure to check that family's telephone records to
> determine
> who else they needed to haul off to the gas chamber also. Therefore,
> simply
> subscribing to this list with an e-mail address that is traceable to your
> real
> identity places you at risk whether you choose to believe it or not.
> Anyone
> who fails to understand the full scope of information security risk,
> inclusive
> of its sometimes-subtle and sometimes-dangerous political and legal
> aspects,
> fails to understand both history and human nature.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

-- 
http://www.fastmail.fm - mmm... fastmail…
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html