From owner-freebsd-security Wed Dec 5 11:44:55 2001 Delivered-To: freebsd-security@freebsd.org Received: from netau1.alcanet.com.au (ntp.alcanet.com.au [203.62.196.27]) by hub.freebsd.org (Postfix) with ESMTP id 080C837B417 for ; Wed, 5 Dec 2001 11:44:51 -0800 (PST) Received: from mfg1.cim.alcatel.com.au (mfg1.cim.alcatel.com.au [139.188.23.1]) by netau1.alcanet.com.au (8.9.3 (PHNE_22672)/8.9.3) with ESMTP id GAA01306; Thu, 6 Dec 2001 06:44:47 +1100 (EDT) Received: from gsmx07.alcatel.com.au by cim.alcatel.com.au (PMDF V5.2-32 #37641) with ESMTP id <01KBJEGYX3TCVFKWPQ@cim.alcatel.com.au>; Thu, 6 Dec 2001 06:44:27 +1100 Received: (from jeremyp@localhost) by gsmx07.alcatel.com.au (8.11.6/8.11.6) id fB5Jiif90572; Thu, 06 Dec 2001 06:44:44 +1100 Content-return: prohibited Date: Thu, 06 Dec 2001 06:44:44 +1100 From: Peter Jeremy Subject: Re: Mail list is posting gone virus!!!! In-reply-to: <20011205165339.462183B1A2@gemini.nersc.gov>; from dart@nersc.gov on Wed, Dec 05, 2001 at 08:53:39AM -0800 To: Eli Dart Cc: Brett Glass , freebsd-security@FreeBSD.ORG Mail-Followup-To: Eli Dart , Brett Glass , freebsd-security@FreeBSD.ORG Message-id: <20011206064443.B90238@gsmx07.alcatel.com.au> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-disposition: inline User-Agent: Mutt/1.2.5i References: <20011205165339.462183B1A2@gemini.nersc.gov> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 2001-Dec-05 08:53:39 -0800, Eli Dart wrote: >Brett makes a very good point. This is a _security_ mailing list, >for discussion of security issues. IMHO, there is no need for >anything but plaintext traffic on this list. If people are going to >send patches, they can include them as part of the text of the >message. This means that PGP signatures get lost, but exceptions can >be made if that's deemed important. Personally, I think that - as a security list - the ability to include PGP signatures is critical. Official security announcements are signed - this is a good thing. It may also be relevant to occasionally submit small amounts of code when discussing security issues. Overall, I'd like to allow the use of MIME, but restrict it to text/plain, application/pgp-signature (and similar) and maybe text/quoted-printable (with a restriction to ensure that the latter is really text). (Yes, you can write an ASCII virus, but it takes more skill than most virus writers have). Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message