From owner-freebsd-security Tue Aug 27 12:47:25 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BA1BE37B400 for ; Tue, 27 Aug 2002 12:47:15 -0700 (PDT) Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4D7B643E6E for ; Tue, 27 Aug 2002 12:45:20 -0700 (PDT) (envelope-from mark@grimreaper.grondar.org) Received: from storm.FreeBSD.org.uk (uucp@localhost [127.0.0.1]) by storm.FreeBSD.org.uk (8.12.5/8.12.5) with ESMTP id g7RJjCMA099107; Tue, 27 Aug 2002 20:45:12 +0100 (BST) (envelope-from mark@grimreaper.grondar.org) Received: (from uucp@localhost) by storm.FreeBSD.org.uk (8.12.5/8.12.5/Submit) with UUCP id g7RJjBG5099106; Tue, 27 Aug 2002 20:45:11 +0100 (BST) Received: from grimreaper.grondar.org (localhost [127.0.0.1]) by grimreaper.grondar.org (8.12.5/8.12.5) with ESMTP id g7RJeLl5023113; Tue, 27 Aug 2002 20:40:21 +0100 (BST) (envelope-from mark@grimreaper.grondar.org) Message-Id: <200208271940.g7RJeLl5023113@grimreaper.grondar.org> To: Jens Rehsack Cc: freebsd-security@freebsd.org Subject: Re: Administrivia: Discussion - Making this list subscriber-only References: <3D6BD145.C1991051@liwing.de> In-Reply-To: <3D6BD145.C1991051@liwing.de> ; from Jens Rehsack "Tue, 27 Aug 2002 21:21:41 +0200." Date: Tue, 27 Aug 2002 20:40:21 +0100 From: Mark Murray Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > Most of the real FreeBSD security experts avoid this list (or treat it > > as a "scan-only" list). The reason for this is the treatment of the > > list as "newbie questions welcome". That is not the original purpose > > of the list. > > But it's a public list with sponsors from industry and persons... Sure. I'm not stopping folks from reading the list. I'm trying to stop lots of the unnecessary _posting_. > o Any common sysadmin task. > > May be ok, may not. Depends on the "common" of the task. If it's "so" > common, someone could add it to FAQ or handbook, couldn't someone? Indeed! :-) This is desparately needed. > > o "Which should I use FOO, or BAR?" > > I have seen many question like "Should I you ipfilter pr ipfirewall?", > and those questions really have some reason: > a) Neither IPFilter nor IPFirewall is really good documented. > It tooks a lot of expirience and "wisdom" to know hints for use > in special situations. > But - in that case - there should be a "security-questions" list. > b) Very less people knows that both filters could coexists. Right. This is a problem that needs to be fixed in its own right. Would you like to volunteer to provide some basic documentation? (I can see that English is not your first language. If you provide something that is factually correct (ignoring any English problems), we have a Zillion folks who can fix the English and will commit for you.) > > o Any topic which is more relevant to another list. > > Who decides that? On which rules? I think, a collective reply with the > right list could help more. Fair question. List-clarifying FAQ's are good. > > o Spam, or replies to spam. > > This could be managed using > a) spam filter for list (what would be done already) > b) spam filter (rtbl) at your gateway > c) auth-requests on first post I'll see how the list goes. I'm prepared to do all-or-any of the above. > > > So I cannot follow your way to close this list. If you want have a private > > > list, why you don't found your own one? > > > > I don't want a private list. I want a high-signal freebsd-specific one. > > So a good thing would be a security-questions list. Newbies can ask there > and the "high-signal" R.I.P. Sounds a little bit ok to me... Hmm. Most gurus will avoid it, and I suspect it will become a duplicate of freebsd-questions. > But: if someone found the list address, (s)he had read some manual before. > So there's a place where some rules could be noted... FAQ fixes are the real answer. > > > Who decides what's a newbie question an what's not? You? Me? Santa > > > Claus? And everyone started on a small ground... - that's the > > > way. > > > > There are places for newbie questions. This is not it. The list > > Not for newbie-security-related. When I was new I was happy 'bout > security-list. Sure. Ends do not justify means. A robber is happy with his income :-) > > sort-of evolved towards this, and as this happened, the guru-factor > > droppeed, and the question-factor rose. The list is now a low-signal > > duplicate of -questions/-newbies. > > That's not really true, but I see, what you mean. But if you ask me > for my real oppinion: Add all things you don't wanted ask anymore to > the faq/doc/handbook and (let) commit it. So in 6 month those things > aren't asked anymore... It's a more friendly way ... OK - you have a deal! If you annoy us properly by submitting enough good-quality documenation upgrades, I'll punish you by a) ensuring they are committed, and b) if enough of them come, ensuring that you can commit them your damn self ;-) > > -Questions is a "help-each-other" list. So is USENET. We don't need > > any more, and unfortunately over time some folks have gotten used > > to this status quo. This may seem harsh, but such folks have a > > little unlearning to deal with. Sorry! :-) > > I think that -question is a freebsd related "help-each-other" list. > An security related one is missed at the moment. Remember: the usenet > has many categories, too. Maybe. Lets see how this goes, and well adapt as we go. OK? :-) > > You are welcome to stay, you are welcome to read. Pleas understand that > > I don't want you to go naway; I want you to accept a higher signal ratio, > > and nI want you to not (unwittingly) contribute to the noise :-) > > Of course, but please understand me if I say: let the other ones follow us. > But I think (after that discussion) a -security-questions is necessary. > Using force is not solution for the world, just for small numbers of people. > Give 'em a chance. I suspect we may be able to drop the noise below the signal if we do it properly. M -- o Mark Murray \_ O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message