Re: wiki

[Vincent Danen <vdanen () linsec ca>]

* [2008-02-18 17:23:28 +0300] Solar Designer wrote:

> > I've setup a few pages to give it some structure and content.
>
> Yes, and I notice that Matthieu has added some more content to the pages
> you had created.  Thanks to both of you!

Hmmm... so where's the Openwall vendor info, eh?  <wink wink>  =)

> Also, I've noticed what I think is a major issue with the wiki -
> although it is configured to obfuscate e-mail addresses, it only does so
> when displaying the latest revision of a page.  Older revisions and page
> source appear with the e-mail addresses intact, ready to be grabbed by a
> "spambot".  I think that we'll need to either fix it in the code (or is
> there a configuration setting I have missed?) or obfuscate e-mail
> addresses manually.  The latter will be of little help for the addresses
> already entered into the wiki as they will remain in the old revisions.

Well, there's maybe a dozen in there and Lord knows the Mandriva
security contact gets more spam than I care to admit.  Those addresses
are pretty public to begin with, so we should either figure out how to
obfuscate the old revisions or do it manually.  I think the dozen or so
addresses that would show up in the old revisions shouldn't be a big
deal (provided we figure/implement something now before it really starts
to get populated).

> > ... setup a redirect on
> > http://oss-security.openwall.org/ so that you get bumped to /wiki/
> > instead of seeing an apache directory listing.
>
> Done.  I've made this a temporary redirect (code 302) such that we can
> replace it with a static page later on (with links to the wiki and to
> non-wiki content that we might add).

Oh good, thanks.

> > Feel free to start adding content.  I think the structure is ok enough
> > to start with, we'll see how it goes from there.  It's pretty
> > straight-forward and should be easy enough to add to (I just added a few
> > links, some pages, etc. but every vendor should be adding their own info
> > there), and others can add content, etc.
>
> Yes.  I think that some of the content to add would be list charter for
> oss-security (Josh?) and official(?) or primary description of
> vendor-sec.  For the latter, we can take the text from the recently
> created Wikipedia page - http://en.wikipedia.org/wiki/Vendor-sec - then
> have the Wikipedia page backed by the already-public info on our wiki.

These sound like good ideas to me.  Particularly the bit on vendor-sec.
I think for this to become effective, we need to expose it more and at
the same time we can expose vendor-sec a little bit more too.

> > I've also registered #oss-security on Freenode for chatting.
>
> Thanks!  I am a little bit concerned that having an IRC channel might
> result in us having less "permanent" content (on this list and on the
> wiki) as questions will be asked and answered on IRC instead...

You'll always have a smaller subset of people on IRC than on the list
(i.e. right now it's just Josh and I).  I don't think it will replace
the list, but supplement it.  I know for Mandriva, it's good to discuss
things on IRC but more often than not a summary of sorts is sent to the
pertinent ml to let the others (who aren't on IRC, or aren't there at a
particular time, etc.) know what's going on, or wha has been discussed,
etc.

I think a medium like IRC is invaluable for "rapid-response" or
brainstorming.  There's nothing to stop a summation of discussion from
going back to the list for further discussion, but it's really useful
for discussing things to get a quick(er) resolution in some cases.  Or
even just bouncing ideas around.

--
Vincent Danen @ http://linsec.ca/

Attachment: _bin
Description: