Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 25 Jun 2017 00:07:10 +0800
From: Shawn <citypw@...il.com>
To: Solar Designer <solar@...nwall.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Re: More CONFIG_VMAP_STACK vulnerabilities,
 refcount_t UAF, and an ignored Secure Boot bypass / rootkit method

Hi Alexander,

I respect your decision. Because this is your list. To myself, it's
not a crap. I was just simply talking the fact I know. I've been
suffering from Linux security for a long time due to lacking of the
defensive mitigation. Anyway, this kind of discussion may be somewhere
else but not on oss-security.

S0rry for the extra maintainence work on pre-moderation.


On Sat, Jun 24, 2017 at 11:55 PM, Solar Designer <solar@...nwall.com> wrote:
> Shawn,
>
> I really don't appreciate you CC'ing kernel-hardening on this.  As I
> wrote to you in the rejection message for that copy of your message:
>
> "It's sufficient that we have this crap on oss-security.  Let's not spam
> kernel-hardening with it as well.  Let's have it on just one list, and
> it just so happens it started on oss-security this one time.  As a
> moderator, I fully expect I'll have to shut down this thread soon anyway."
>
> I also had to switch kernel-hardening to full message pre-moderation
> because of your CC.  Hopefully temporarily again.  Last time I did this
> (recently), and had since undone it (re-enabling the whitelist until
> today), was because of what I'll call an "anti-grsecurity crap" thread.
>
> Why pre-moderate even for previously whitelisted senders?  Because they
> might be replying to this thread that you attempted to CC to
> kernel-hardening, without them realizing that your initial message was
> not approved there.  This is a general problem with CC's to moderated
> lists, and why I ask that all of us please use CC's sparingly.
>
> I don't like censorship, but I also want these mailing lists to remain
> usable for their primary intended purposes for all of us.  This is why
> we generally don't reject individual messages in these discussion
> threads until eventually having to shut down the threads.  So all sides
> have an equal opportunity to speak.
>
> FWIW, my own opinion on the actual matters raised in these threads is
> nuanced.  I'm not with either side.  I guess this makes it easier for me
> to stay neutral as a moderator.
>
> Alexander



-- 
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.