Date: Fri, 4 Apr 2008 23:12:33 -0600
From: Vincent Danen <vdanen@...sec.ca>
To: oss-security@...ts.openwall.com
Subject: Re: Re: "who shouldn't be on-list"

* [2008-04-04 13:46:11 -0800] Jonathan Smith wrote:

> security curmudgeon wrote:
> | As a new subscriber who did not see specific mention of the desired list
> | population, could you clarify who you feel the list is for, or who should
> | not be on it?
>
> As I see it, the list is for members of the open-source community. Thus,
> to be admitted to the list, you either have to demonstrate that you're a
> developer of a (at least marginally notable) open source project, that
> you're a vendor who redistributes oss, or that you're a security
> researcher who audits or otherwise interacts with oss.
>
> This is, of course, only my opinion and may not reflect the rest of the
> group's ideas.

I think this is a good definition.

Bottom-line would be that this isn't a list for end-users.  End-users or
sysadmins, whatever, could be read-only subscribers... heck, that's no
different than reading web archives.

But to be a "member" of the list, with posting privileges, I think you
need to be someone who can demonstrate an active role with some OSS --
this does not mean you need to be on a vendor security team, or the
apache/samba/whatever security contact.  You could be a grunt developer
who has an interest in security-related stuff (perhaps good programming
techniques, etc.) and as long as you're a member or developer of some
OSS with a reasonable exposure, then I think you can have a voice on the
list if you like.

Honestly, I think a lot of people will be lurkers... so for them they
never need to progress beyond read-only subscriber.  It's the people who
are interested in security (be it re-active or pro-active) that will
want to be "members" of the list.

Now, having said that, I think the ml subscription can be a lot more
open than wiki editing rights (which is a whole different ball of wax).

-- 
Vincent Danen @ http://linsec.ca/
