Message-ID: <20080405051233.GV45590@linsec.ca>
Date: Fri, 4 Apr 2008 23:12:33 -0600
From: Vincent Danen <vdanen@...sec.ca>
To: oss-security@...ts.openwall.com
Subject: Re: Re: "who shouldn't be on-list"

* [2008-04-04 13:46:11 -0800] Jonathan Smith wrote:

> security curmudgeon wrote:
> | As a new subscriber who did not see specific mention of the desired list
> | population, could you clarify who you feel the list is for, or who should
> | not be on it?
>
> As I see it, the list is for members of the open-source community. Thus,
> to be admitted to the list, you either have to demonstrate that you're a
> developer of a (at least marginally notable) open source project, that
> you're a vendor who redistributes oss, or that you're a security
> researcher who audits or otherwise interacts with oss.
>
> This is, of course, only my opinion and may not reflect the rest of the
> group's ideas.

I think this is a good definition.

Bottom-line would be that this isn't a list for end-users.  End-users or
sysadmins, whatever, could be read-only subscribers... heck, that's no
different than reading web archives.

But to be a "member" of the list, with posting privileges, I think you
need to be someone who can demonstrate an active role with some OSS --
this does not mean you need to be on a vendor security team, or the
apache/samba/whatever security contact.  You could be a grunt developer
who has an interest in security-related stuff (perhaps good programming
techniques, etc.) and as long as you're a member or developer of some
OSS with a reasonable exposure, then I think you can have a voice on the
list if you like.

Honestly, I think a lot of people will be lurkers... so for them they
never need to progress beyond read-only subscriber.  It's the people who
are interested in security (be it re-active or pro-active) that will
want to be "members" of the list.

Now, having said that, I think the ml subscription can be a lot more
open than wiki editing rights (which is a whole different ball of wax).

-- 
Vincent Danen @ http://linsec.ca/
