From owner-freebsd-security Tue Aug 27 13: 5:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9491A37B405 for ; Tue, 27 Aug 2002 13:05:04 -0700 (PDT) Received: from mail.liwing.de (mail.liwing.de [213.70.188.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1A3E543E42 for ; Tue, 27 Aug 2002 13:05:03 -0700 (PDT) (envelope-from rehsack@liwing.de) Received: (qmail 67318 invoked from network); 27 Aug 2002 19:58:20 -0000 Received: from stingray.liwing.de (HELO liwing.de) ([213.70.188.164]) (envelope-sender ) by mail.liwing.de (qmail-ldap-1.03) with SMTP for ; 27 Aug 2002 19:58:20 -0000 Message-ID: <3D6BD999.10753D8E@liwing.de> Date: Tue, 27 Aug 2002 21:57:13 +0200 From: Jens Rehsack Organization: LiWing IT-Services X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Mark Murray Cc: freebsd-security@freebsd.org Subject: Re: Administrivia: Discussion - Making this list subscriber-only References: <3D6BD145.C1991051@liwing.de> <200208271940.g7RJeLl5023113@grimreaper.grondar.org> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Mark Murray wrote: > > > > Most of the real FreeBSD security experts avoid this list (or treat it > > > as a "scan-only" list). The reason for this is the treatment of the > > > list as "newbie questions welcome". That is not the original purpose > > > of the list. > > > > But it's a public list with sponsors from industry and persons... > > Sure. I'm not stopping folks from reading the list. I'm trying to > stop lots of the unnecessary _posting_. > > > o Any common sysadmin task. > > > > May be ok, may not. Depends on the "common" of the task. If it's "so" > > common, someone could add it to FAQ or handbook, couldn't someone? > > Indeed! :-) > > This is desparately needed. > > > > o "Which should I use FOO, or BAR?" > > > > I have seen many question like "Should I you ipfilter pr ipfirewall?", > > and those questions really have some reason: > > a) Neither IPFilter nor IPFirewall is really good documented. > > It tooks a lot of expirience and "wisdom" to know hints for use > > in special situations. > > But - in that case - there should be a "security-questions" list. > > b) Very less people knows that both filters could coexists. > > Right. This is a problem that needs to be fixed in its own right. > Would you like to volunteer to provide some basic documentation? > (I can see that English is not your first language. If you provide > something that is factually correct (ignoring any English problems), > we have a Zillion folks who can fix the English and will commit for you.) Not at the moment, but if the problem exists in a few week anymore, please remember me and I try... > > > o Any topic which is more relevant to another list. > > > > Who decides that? On which rules? I think, a collective reply with the > > right list could help more. > > Fair question. List-clarifying FAQ's are good. > > > > o Spam, or replies to spam. > > > > This could be managed using > > a) spam filter for list (what would be done already) > > b) spam filter (rtbl) at your gateway > > c) auth-requests on first post > > I'll see how the list goes. I'm prepared to do all-or-any of the above. > > > > > So I cannot follow your way to close this list. If you want have a private > > > > list, why you don't found your own one? > > > > > > I don't want a private list. I want a high-signal freebsd-specific one. > > > > So a good thing would be a security-questions list. Newbies can ask there > > and the "high-signal" R.I.P. Sounds a little bit ok to me... > > Hmm. Most gurus will avoid it, and I suspect it will become a > duplicate of freebsd-questions. I don't believe that. I can surely speak for the germans here - I know many of the would respond to questions if -security-questions. And if I'm honest, many questions I see in -questions I'd like to see in f.e. -security(-questions), because the -questions is a very low knowledge list. > > But: if someone found the list address, (s)he had read some manual before. > > So there's a place where some rules could be noted... > > FAQ fixes are the real answer. > > > > > Who decides what's a newbie question an what's not? You? Me? Santa > > > > Claus? And everyone started on a small ground... - that's the > > > > way. > > > > > > There are places for newbie questions. This is not it. The list > > > > Not for newbie-security-related. When I was new I was happy 'bout > > security-list. > > Sure. Ends do not justify means. A robber is happy with his income :-) > > > > sort-of evolved towards this, and as this happened, the guru-factor > > > droppeed, and the question-factor rose. The list is now a low-signal > > > duplicate of -questions/-newbies. > > > > That's not really true, but I see, what you mean. But if you ask me > > for my real oppinion: Add all things you don't wanted ask anymore to > > the faq/doc/handbook and (let) commit it. So in 6 month those things > > aren't asked anymore... It's a more friendly way ... > > OK - you have a deal! If you annoy us properly by submitting enough > good-quality documenation upgrades, I'll punish you by a) ensuring they > are committed, and b) if enough of them come, ensuring that you can commit > them your damn self ;-) a) ok b) not ok. I'm a developer and boss of a small company. I do not have enough time to "really" prove into last final detail and the risk that I submit (because it has to be fast) not enought tested and verified stuff. > > > -Questions is a "help-each-other" list. So is USENET. We don't need > > > any more, and unfortunately over time some folks have gotten used > > > to this status quo. This may seem harsh, but such folks have a > > > little unlearning to deal with. Sorry! :-) > > > > I think that -question is a freebsd related "help-each-other" list. > > An security related one is missed at the moment. Remember: the usenet > > has many categories, too. > > Maybe. Lets see how this goes, and well adapt as we go. OK? :-) > > > > You are welcome to stay, you are welcome to read. Pleas understand that > > > I don't want you to go naway; I want you to accept a higher signal ratio, > > > and nI want you to not (unwittingly) contribute to the noise :-) > > > > Of course, but please understand me if I say: let the other ones follow us. > > But I think (after that discussion) a -security-questions is necessary. > > Using force is not solution for the world, just for small numbers of people. > > Give 'em a chance. > > I suspect we may be able to drop the noise below the signal if we do it > properly. > > M > -- > o Mark Murray > \_ > O.\_ Warning: this .sig is umop ap!sdn -- L i W W W i Jens Rehsack L W W W L i W W W W i nnn gggg LiWing IT-Services L i W W W W i n n g g LLLL i W W i n n g g Friesenstraße 2 gggg 06112 Halle g g g Tel.: +49 - 3 45 - 5 17 05 91 ggg e-Mail: Fax: +49 - 3 45 - 5 17 05 92 http://www.liwing.de/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message