Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 27 Aug 2002 21:57:13 +0200
From:      Jens Rehsack <rehsack@liwing.de>
To:        Mark Murray <mark@grondar.za>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Administrivia: Discussion - Making this list subscriber-only
Message-ID:  <3D6BD999.10753D8E@liwing.de>
References:  <3D6BD145.C1991051@liwing.de> <200208271940.g7RJeLl5023113@grimreaper.grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help 


Mark Murray wrote:
> 
> > > Most of the real FreeBSD security experts avoid this list (or treat it
> > > as a "scan-only" list). The reason for this is the treatment of the
> > > list as "newbie questions welcome". That is not the original purpose
> > > of the list.
> >
> > But it's a public list with sponsors from industry and persons...
> 
> Sure. I'm not stopping folks from reading the list. I'm trying to
> stop lots of the unnecessary _posting_.
> 
> > o Any common sysadmin task.
> >
> > May be ok, may not. Depends on the "common" of the task. If it's "so"
> > common, someone could add it to FAQ or handbook, couldn't someone?
> 
> Indeed! :-)
> 
> This is desparately needed.
> 
> > > o "Which should I use FOO, or BAR?"
> >
> > I have seen many question like "Should I you ipfilter pr ipfirewall?",
> > and those questions really have some reason:
> > a) Neither IPFilter nor IPFirewall is really good documented.
> >    It tooks a lot of expirience and "wisdom" to know hints for use
> >    in special situations.
> >    But - in that case - there should be a "security-questions" list.
> > b) Very less people knows that both filters could coexists.
> 
> Right. This is a problem that needs to be fixed in its own right.
> Would you like to volunteer to provide some basic documentation?
> (I can see that English is not your first language. If you provide
> something that is factually correct (ignoring any English problems),
> we have a Zillion folks who can fix the English and will commit for you.)

Not at the moment, but if the problem exists in a few week anymore, please
remember me and I try...

> > > o Any topic which is more relevant to another list.
> >
> > Who decides that? On which rules? I think, a collective reply with the
> > right list could help more.
> 
> Fair question. List-clarifying FAQ's are good.
> 
> > > o Spam, or replies to spam.
> >
> > This could be managed using
> > a) spam filter for list (what would be done already)
> > b) spam filter (rtbl) at your gateway
> > c) auth-requests on first post
> 
> I'll see how the list goes. I'm prepared to do all-or-any of the above.
> 
> > > > So I cannot follow your way to close this list. If you want have a private
> > > > list, why you don't found your own one?
> > >
> > > I don't want a private list. I want a high-signal freebsd-specific one.
> >
> > So a good thing would be a security-questions list. Newbies can ask there
> > and the "high-signal" R.I.P. Sounds a little bit ok to me...
> 
> Hmm. Most gurus will avoid it, and I suspect it will become a
> duplicate of freebsd-questions.

I don't believe that. I can surely speak for the germans here - I know
many of the would respond to questions if -security-questions. And if
I'm honest, many questions I see in -questions I'd like to see in f.e.
-security(-questions), because the -questions is a very low knowledge list.

> > But: if someone found the list address, (s)he had read some manual before.
> > So there's a place where some rules could be noted...
> 
> FAQ fixes are the real answer.
> 
> > > > Who decides what's a newbie question an what's not? You? Me? Santa
> > > > Claus?  And everyone started on a small ground... - that's the
> > > > way.
> > >
> > > There are places for newbie questions. This is not it. The list
> >
> > Not for newbie-security-related. When I was new I was happy 'bout
> > security-list.
> 
> Sure. Ends do not justify means. A robber is happy with his income :-)
> 
> > > sort-of evolved towards this, and as this happened, the guru-factor
> > > droppeed, and the question-factor rose. The list is now a low-signal
> > > duplicate of -questions/-newbies.
> >
> > That's not really true, but I see, what you mean. But if you ask me
> > for my real oppinion: Add all things you don't wanted ask anymore to
> > the faq/doc/handbook and (let) commit it. So in 6 month those things
> > aren't asked anymore...  It's a more friendly way ...
> 
> OK - you have a deal! If you annoy us properly by submitting enough
> good-quality documenation upgrades, I'll punish you by a) ensuring they
> are committed, and b) if enough of them come, ensuring that you can commit
> them your damn self ;-)

a) ok
b) not ok. I'm a developer and boss of a small company. I do not have
   enough time to "really" prove into last final detail and the risk
   that I submit (because it has to be fast) not enought tested and
   verified stuff.

> > > -Questions is a "help-each-other" list. So is USENET. We don't need
> > > any more, and unfortunately over time some folks have gotten used
> > > to this status quo. This may seem harsh, but such folks have a
> > > little unlearning to deal with. Sorry! :-)
> >
> > I think that -question is a freebsd related "help-each-other" list.
> > An security related one is missed at the moment. Remember: the usenet
> > has many categories, too.
> 
> Maybe. Lets see how this goes, and well adapt as we go. OK? :-)
> 
> > > You are welcome to stay, you are welcome to read. Pleas understand that
> > > I don't want you to go naway; I want you to accept a higher signal ratio,
> > > and nI want you to not (unwittingly) contribute to the noise :-)
> >
> > Of course, but please understand me if I say: let the other ones follow us.
> > But I think (after that discussion) a -security-questions is necessary.
> > Using force is not solution for the world, just for small numbers of people.
> > Give 'em a chance.
> 
> I suspect we may be able to drop the noise below the signal if we do it
> properly.
> 
> M
> --
> o       Mark Murray
> \_
> O.\_    Warning: this .sig is umop ap!sdn

-- 
L     i  W     W     W  i                 Jens Rehsack
L        W     W     W
L     i   W   W W   W   i  nnn    gggg    LiWing IT-Services
L     i    W W   W W    i  n  n  g   g
LLLL  i     W     W     i  n  n  g   g    Friesenstraße 2
                                  gggg    06112 Halle
                                     g
                                 g   g
Tel.:  +49 - 3 45 - 5 17 05 91    ggg     e-Mail: <rehsack@liwing.de>
Fax:   +49 - 3 45 - 5 17 05 92            http://www.liwing.de/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D6BD999.10753D8E>