oss-sec mailing list archives
Re: wiki
From: Vincent Danen <vdanen () linsec ca>
Date: Mon, 18 Feb 2008 08:56:16 -0700
* [2008-02-18 17:23:28 +0300] Solar Designer wrote:
I've setup a few pages to give it some structure and content.Yes, and I notice that Matthieu has added some more content to the pages you had created. Thanks to both of you!
Hmmm... so where's the Openwall vendor info, eh? <wink wink> =)
Also, I've noticed what I think is a major issue with the wiki - although it is configured to obfuscate e-mail addresses, it only does so when displaying the latest revision of a page. Older revisions and page source appear with the e-mail addresses intact, ready to be grabbed by a "spambot". I think that we'll need to either fix it in the code (or is there a configuration setting I have missed?) or obfuscate e-mail addresses manually. The latter will be of little help for the addresses already entered into the wiki as they will remain in the old revisions.
Well, there's maybe a dozen in there and Lord knows the Mandriva security contact gets more spam than I care to admit. Those addresses are pretty public to begin with, so we should either figure out how to obfuscate the old revisions or do it manually. I think the dozen or so addresses that would show up in the old revisions shouldn't be a big deal (provided we figure/implement something now before it really starts to get populated).
... setup a redirect on http://oss-security.openwall.org/ so that you get bumped to /wiki/ instead of seeing an apache directory listing.Done. I've made this a temporary redirect (code 302) such that we can replace it with a static page later on (with links to the wiki and to non-wiki content that we might add).
Oh good, thanks.
Feel free to start adding content. I think the structure is ok enough to start with, we'll see how it goes from there. It's pretty straight-forward and should be easy enough to add to (I just added a few links, some pages, etc. but every vendor should be adding their own info there), and others can add content, etc.Yes. I think that some of the content to add would be list charter for oss-security (Josh?) and official(?) or primary description of vendor-sec. For the latter, we can take the text from the recently created Wikipedia page - http://en.wikipedia.org/wiki/Vendor-sec - then have the Wikipedia page backed by the already-public info on our wiki.
These sound like good ideas to me. Particularly the bit on vendor-sec. I think for this to become effective, we need to expose it more and at the same time we can expose vendor-sec a little bit more too.
I've also registered #oss-security on Freenode for chatting.Thanks! I am a little bit concerned that having an IRC channel might result in us having less "permanent" content (on this list and on the wiki) as questions will be asked and answered on IRC instead...
You'll always have a smaller subset of people on IRC than on the list (i.e. right now it's just Josh and I). I don't think it will replace the list, but supplement it. I know for Mandriva, it's good to discuss things on IRC but more often than not a summary of sorts is sent to the pertinent ml to let the others (who aren't on IRC, or aren't there at a particular time, etc.) know what's going on, or wha has been discussed, etc. I think a medium like IRC is invaluable for "rapid-response" or brainstorming. There's nothing to stop a summation of discussion from going back to the list for further discussion, but it's really useful for discussing things to get a quick(er) resolution in some cases. Or even just bouncing ideas around. -- Vincent Danen @ http://linsec.ca/
Attachment:
_bin
Description:
Current thread:
- wiki Solar Designer (Feb 16)
- Re: wiki Vincent Danen (Feb 17)
- Re: wiki Solar Designer (Feb 18)
- Re: wiki Vincent Danen (Feb 18)
- Re: wiki Solar Designer (Feb 18)
- Re: wiki - e-mail address obfuscation Solar Designer (Feb 18)
- Re: wiki - e-mail address obfuscation Solar Designer (Feb 19)
- Re: wiki - e-mail address obfuscation (GalaxyMaster) (Feb 19)
- Re: wiki Solar Designer (Feb 18)
- Re: wiki Vincent Danen (Feb 19)
- Re: wiki Vincent Danen (Feb 17)
- Re: wiki Josh Bressers (Feb 18)
- charter Jonathan Smith (Feb 18)
- Re: charter Josh Bressers (Feb 19)
- Re: charter Mark J Cox (Feb 19)
- Re: charter Vincent Danen (Feb 19)