mailing list archives
Re: Announcing new security mailing list
From: full-disclosure () lists netsys com (Blue Boar)
Date: Thu, 11 Jul 2002 18:00:25 -0700
Matthew S. Hallacy wrote:
I disagree, I think my DOCSIS vulnerability posting is a good example of
something that should have gone out immediately, but was /never/ posted.
( I ended up taking it to another list)
It was valid, the vendors knew, but it was withheld because you deemed it
"You", meaning who? Not I.. it went to my list:
I have my own set of (often harsher) standards for what posts I allow on
vuln-dev... but that has nothing to do with Bugtraq.
I assume you mean Dave, whose reply is here:
I suppose you can accuse him of not stating his standards well enough up
front for what kinds of messages he considers fraud instructions.
I might not have approved the original message either. For messages like
that, I'm often torn between my policy of not allowing posts that tell that
a particular site is vulnerable to a hole only they can fix, and allowing
the poster to implicate themself for the poking around they've done. It
kinda depends if I feel like I've been made an accessory. If so, I'll
usually approve it for the world to see. Or, maybe forward to the FBI. I
haven't had occasion to do the latter yet.
The point being, that has nothing to do with the Bugtraq moderator holding
posts so he can warn a vendor to make a fix.
In your case, if I'm reading the headers correctly, there were only about 6
hours between when you sent the note to Bugtraq, and decided it wasn't
going to be posted?
Re: Announcing new security mailing list Matthew S. Hallacy (Jul 11)
Re: Announcing new security mailing list Ron DuFresne (Jul 12)
Re: Announcing new security mailing list Matthew S. Hallacy (Jul 12)