From: Jens Rehsack
Organization: LiWing IT-Services
Date: Tue, 27 Aug 2002 21:21:41 +0200
To: Mark Murray
Cc: freebsd-security@freebsd.org
Subject: Re: Administrivia: Discussion - Making this list subscriber-only
Message-ID: <3D6BD145.C1991051@liwing.de>
References: <3D6BBF89.F3A028@liwing.de> <200208271849.g7RInvl5022584@grimreaper.grondar.org>

Mark Murray wrote:
>
> > > How will that stop off-topic chatter?
> >
> > Never. But neither does your way. I'm subscribed and I answer to your
> > off-topic post. So we both are the off-topic chatters you want to stop.
> > Sure?
>
> :-)
>
> I am conducting this discussion under the "Administrivia" flag, so
> while it may be off-topic, it is of indirect-but-important relevance
> to the list.
>
> This is a focussed discussion that will cease abruptly when a conclusion
> is reached (hopefully!).
>
> > > > This allows to post validated senders only but keeps freedom to all
> > > > people who want to post.
> > >
> > > _Less_ freedom is actually needed. It is precisely that freedom which
> > > has allowed the list to become a question-and-answer (or HOWTO) list
> > > that has dropped the signal value so badly.
> >
> > Pardon, but IMHO this list is read by "security experts". So if I have
> > a security related question, I ask here. I'm a good developer, I have
> > much knowledge 'bout secure programming and know to protect my box
> > enough for stupids. But on the one hand there're many people who have
> > much less knowledge of security than me and on the other hand a lot
> > of gurus to me.
>
> Most of the real FreeBSD security experts avoid this list (or treat it
> as a "scan-only" list). The reason for this is the treatment of the
> list as "newbie questions welcome". That is not the original purpose
> of the list.

But it's a public list with sponsors from industry and persons...

> > What I want to say with that: What is a stupid question to me or not
> > security related or sth. else may be important to others with other kinds
> > of thoughts. What sort of guys will we be if we judge 'bout the security
> > relate of a posting?
>
> Fair question (if I understand you correctly).
> Relevant:
>  o Policy issues
>  o Security bug details or fixes to security holes.
>  o Experience of effective defences, including documentation of known
>    problems.
>  o Interesting security-related code.
>  ... etc.
> Off-topic:
>  o Any common sysadmin task.

May be ok, may not. Depends on the "common" of the task. If it's "so"
common, someone could add it to FAQ or handbook, couldn't someone?

>  o "Which should I use FOO, or BAR?"

I have seen many questions like "Should I use ipfilter or ipfirewall?", and
those questions really have some reason:
a) Neither IPFilter nor IPFirewall is really well documented. It
   takes a lot of experience and "wisdom" to know hints for use
   in special situations. But - in that case - there should be
   a "security-questions" list.
b) Very few people know that both filters can coexist.

>  o Any topic which is more relevant to another list.

Who decides that? On which rules? I think, a collective reply with the
right list could help more.

>  o Spam, or replies to spam.

This could be managed using
a) spam filter for list (what would be done already)
b) spam filter (rtbl) at your gateway
c) auth-requests on first post

>  ... etc.

> > So I cannot follow your way to close this list. If you want to have a private
> > list, why don't you found your own one?
>
> I don't want a private list. I want a high-signal freebsd-specific one.

So a good thing would be a security-questions list. Newbies can ask there
and the "high-signal" R.I.P. Sounds a little bit ok to me...
But: if someone found the list address, (s)he had read some manual before.
So there's a place where some rules could be noted...

> > > Depends on the "end". Here I mean a dramatic drop in newbie questions
> >
> > Who decides what's a newbie question and what's not? You? Me? Santa Claus?
> > And everyone started on a small ground... - that's the way.
>
> There are places for newbie questions. This is not it. The list

Not for newbie-security-related. When I was new I was happy 'bout
security-list.

> sort-of evolved towards this, and as this happened, the guru-factor
> dropped, and the question-factor rose. The list is now a low-signal
> duplicate of -questions/-newbies.

That's not really true, but I see what you mean. But if you ask me for
my real opinion: Add all things you don't want asked anymore to the
faq/doc/handbook and (let) commit it. So in 6 months those things aren't
asked anymore... It's a more friendly way ...

> > > and a consequent increase in the technical content/discussion
> > > ratio. I also hope to attract back the security gurus, and thus
> > > further improve the signal content.
> >
> > This will not work.
> > Let me explain what I believe such a list
> > is for: I think, some people found a list for security related
> > discussions to make it much easier to help each other. Over the
> > months and years the original gurus are getting better and better
> > while the quality of the list is in everyone's mouth. So some more
> > guys and girls are subscribing to participate on every hint and a
> > lot of stressed people are just asking sth. and discuss just a small
> > (personal preferred) problem, an idea, sth. else.
>
> -Questions is a "help-each-other" list. So is USENET. We don't need
> any more, and unfortunately over time some folks have gotten used
> to this status quo. This may seem harsh, but such folks have a
> little unlearning to deal with. Sorry! :-)

I think that -questions is a freebsd related "help-each-other" list.
A security related one is missing at the moment. Remember: the usenet
has many categories, too.

> > And some of the gurus get bored, but many new guru candidates
> > subscribed, helped, talked and - sometimes - chatted 'bout security (I
> > remember an obfuscation discussion not long ago).
>
> The fact that some time in the past, this may have worked for individuals
> is, erm, unfortunate. I can go to extremes ("Theft works for robbers" etc),
> but I think you may understand me if I say the means does not justify
> the ends.
>
> > So in my opinion this list is good just as is. If you are much more
> > experienced and wiser so you have two choices. Go away to a wisdom /
> > guru list or stay (what we all prefer) and let us have part of your
> > wisdom.
>
> You are welcome to stay, you are welcome to read. Please understand that
> I don't want you to go away; I want you to accept a higher signal ratio,
> and I want you to not (unwittingly) contribute to the noise :-)

Of course, but please understand me if I say: let the other ones follow us.
But I think (after that discussion) a -security-questions is necessary.
Using force is not a solution for the world, just for small numbers of
people. Give 'em a chance.

> > I do not want to defend idiots, but - please - there is a difference
> > between newbie (what I could be in the eyes of many) and idiots /
> > torks.
>
> Let's not get extreme - we mostly agree. Let's see how this initiative
> pans out.

Agreed.

> M
> --
> o       Mark Murray
> \_
> O.\_    Warning: this .sig is umop ap!sdn

--
Jens Rehsack
LiWing IT-Services
Friesenstraße 2
06112 Halle
Tel.: +49 - 3 45 - 5 17 05 91
Fax: +49 - 3 45 - 5 17 05 92
http://www.liwing.de/