From owner-freebsd-security Thu Dec 6 10:45: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from yez.hyperreal.org (h0050ba8912fb.ne.mediaone.net [66.31.228.14]) by hub.freebsd.org (Postfix) with SMTP id A427037B42C for ; Thu, 6 Dec 2001 10:44:42 -0800 (PST) Received: (qmail 5778 invoked by uid 1000); 6 Dec 2001 06:37:19 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 6 Dec 2001 06:37:19 -0000 Date: Wed, 5 Dec 2001 22:37:19 -0800 (PST) From: Brian Behlendorf X-X-Sender: brian@localhost To: Owner of many system processes Cc: freebsd-security@FreeBSD.ORG Subject: Re: (WOT) Re: the best edited picture ever In-Reply-To: <20011206044206.GD12011@hq.newdream.net> Message-ID: <20011205222931.L5713-100000@localhost> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 5 Dec 2001, Owner of many system processes wrote: > closing the list to off-list subscribers seems to be the simplest > option, and while it might be annoying, there could be some sort of > alternate method of allowing people to post to the list (maybe a web > form for non-subscribers or something)? I don't know about majordomo or mailman, but in ezmlm, one can configure it such that subscribers posts go through, and non-subscribers posts get bounced for moderation (which are easy to approve, and moderation responsibilities can be shared), and in the process of approving a message a moderator can also add said user to a list of "allowed" posters. So pretty quickly all those posting from alternate addresses or the occasional useful outsider get in that allowed list, and the stuff that gets caught ends up being mostly spam. My only worry is that it's a list about security, where time is critical, and if a moderator fails to approve a post it could be a Really Bad Thing; you don't want to see "vendor was notified, but didn't bother to respond" in a bugtraq post about a FreeBSD vulnerability. Moderation posts that are ignored time out after ten days and go back to the original poster, with an explanation that the moderator "didn't act upon" it, so at least stuff doesn't get lost. The challenge with sharing moderation is that every moderator gets every moderation request, and it's only the first response that is considered, so there'd be lots of wasted time spent or potentially miscommunication, "oh, I thought Bob was going to handle it this week", etc. I've wanted to create a web UI for moderators that listed all curent unapproved messages in the queue, so that you wouldn't get that duplication. Maybe you'd have a daily reminder email of the messages in the queue so people who are event-driven and never can remember to visit particular sites regularly (like me) wouldn't forget. Blah blah. Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message