Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 19 Mar 2014 17:31:30 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: [OT] FD mailing list died. Time for new one

On Wed, Mar 19, 2014 at 02:58:23PM +0200, Georgi Guninski wrote:
> Apologies for posting on list mainly dedicated to CVE's.

I guess you're (partially) kidding.  This list is not meant to be
"mainly dedicated to CVE's", it just happened to be that way.  Other
on-topic postings are very welcome, and I find postings about other
related mailing lists (dis)appearing to be on topic, in part because it
affects what topics we choose to discuss in here (and what topics to
discuss in other places).

> The Full Disclosure mailing list died today:
> http://lists.grok.org.uk/
> http://seclists.org/fulldisclosure/2014/Mar/332
> 
> I suppose it is time for a new list.
> 
> Any ideas?

Arrigo Triulzi and I just had this conversation on Twitter:

<solardiz> Hosting unofficial Full-Disclosure archive http://lists.openwall.net/full-disclosure/ we received few message removal requests and no threats that I recall
<@cynicalsecurity> @solardiz shall we reboot FD?
<@solardiz> @cynicalsecurity Maybe, but I don't intend to be involved. I wasn't even subscribed except hosting this archive and sometimes looking at it.
<@cynicalsecurity> @solardiz perhaps we need a different FD, without the automated security bulletins and the trolls. FD with kickbans?
<@solardiz> @cynicalsecurity With "unmoderated" "full disclosure" list, it's tricky to draw the trolling vs. free speech line. I'll let others do it.
<@cynicalsecurity> @solardiz yes, agreed.

So I think someone else should setup the new FD, somewhere.  Openwall
might host an unofficial archive of it again (with no promises of it
staying up), and that's it.

I just recalled another way in which I found FD useful: as a moderator
for oss-security, I sometimes rejected off-topic yet not totally crappy
postings with a comment suggesting that the person posts to FD instead.
We won't be able to continue doing that.  In some cases (mostly for bugs
in proprietary software) we'll be able to continue to redirect people to
Bugtraq, but there are in fact not totally crappy postings that I think
aren't appropriate for either oss-security or Bugtraq - e.g., someone
wanted to conduct a research survey in the security community recently,
and I redirected them to FD (I don't know if they posted, nor if their
posting to FD was approved).  I felt that a posting like that would be
"too crappy" for Bugtraq (although that sentiment is in part based on
"the old Bugtraq" of 1990s), but OK given the overall low SNR on FD.

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.