Re: [OT] FD mailing list died. Time for new one

[Georgi Guninski <guninski () guninski com>]

On Wed, Mar 19, 2014 at 05:31:30PM +0400, Solar Designer wrote:
> On Wed, Mar 19, 2014 at 02:58:23PM +0200, Georgi Guninski wrote:
> > Apologies for posting on list mainly dedicated to CVE's.
>
> I guess you're (partially) kidding.  This list is not meant to be
> "mainly dedicated to CVE's", it just happened to be that way.  Other
> on-topic postings are very welcome, and I find postings about other
> related mailing lists (dis)appearing to be on topic, in part because it
> affects what topics we choose to discuss in here (and what topics to
> discuss in other places).

lol. I was partially kidding and in addition have low
opinion of CVE.

> > The Full Disclosure mailing list died today:
> > http://lists.grok.org.uk/
> > http://seclists.org/fulldisclosure/2014/Mar/332
> >
> > I suppose it is time for a new list.
> >
> > Any ideas?
>
> Arrigo Triulzi and I just had this conversation on Twitter:
>
> <solardiz> Hosting unofficial Full-Disclosure archive http://lists.openwall.net/full-disclosure/ we received few 
> message removal requests and no threats that I recall
> <@cynicalsecurity> @solardiz shall we reboot FD?
> <@solardiz> @cynicalsecurity Maybe, but I don't intend to be involved. I wasn't even subscribed except hosting this 
> archive and sometimes looking at it.
> <@cynicalsecurity> @solardiz perhaps we need a different FD, without the automated security bulletins and the trolls. 
> FD with kickbans?
> <@solardiz> @cynicalsecurity With "unmoderated" "full disclosure" list, it's tricky to draw the trolling vs. free 
> speech line. I'll let others do it.
> <@cynicalsecurity> @solardiz yes, agreed.
>
> So I think someone else should setup the new FD, somewhere.  Openwall
> might host an unofficial archive of it again (with no promises of it
> staying up), and that's it.
>
> I just recalled another way in which I found FD useful: as a moderator
> for oss-security, I sometimes rejected off-topic yet not totally crappy
> postings with a comment suggesting that the person posts to FD instead.
> We won't be able to continue doing that.  In some cases (mostly for bugs
> in proprietary software) we'll be able to continue to redirect people to
> Bugtraq, but there are in fact not totally crappy postings that I think
> aren't appropriate for either oss-security or Bugtraq - e.g., someone
> wanted to conduct a research survey in the security community recently,
> and I redirected them to FD (I don't know if they posted, nor if their
> posting to FD was approved).  I felt that a posting like that would be
> "too crappy" for Bugtraq (although that sentiment is in part based on
> "the old Bugtraq" of 1990s), but OK given the overall low SNR on FD.
>
> Alexander


If you ask me there should be no moderation/kickbans.
IMHO this isn't effective against alleged trolls.
Back in the time I was against banning n3td3v.

Maybe some sound daily quota is reasonable though.