From: Crispin Cowan (crispin@private)
Date: Tue Dec 11 2001 - 19:25:33 PST

  • Next message: George Heuston: "CRIME FW: NIPC Daily Report 12 December 2001"

    Jeffrey_Korte/HR/FCNB/Spgla@private wrote:
    >Well, I respectfully disagree with you and I'm sure that you didn't mean to
    >infer that I am being unreasonable, thoughtless or unprofessional simply
    >because I have a different take on the matter.
    I certainly did NOT mean to imply that! On the contrary, my experience 
    with CRIME people is that they are quite reasonable and professional. 
     My point is that at present there are no rules, and therefore 
    everything that has been posted by CRIME participants is nominally 
    within bounds.
    >I  don't  dispute that a charter is needed, the question is - is it enough?
    >Who will moderate this new forum?  Who has time to undertake it?
    The standard procedure for managing a mailing list is to first spell out 
    a policy that describes appropriate content, and then if people cannot 
    follow that policy, impose moderation to enforce the policy. Many 
    smaller communities (and CRIME is a small community) can exist quite 
    happily with only a charter (to remind people of what is "on topic") and 
    a closed list server (to keep out spammers and other non-community trolls).
    >Not trying to be difficult. :)  As I stated weeks ago, I joined CRIME to
    >obtain and pass along useful information dealing with information security
    >issues and the like.
    Perhaps you do have a point about splitting the list:
        * I have seen several posters advocating a broader, more inclusive
          charter than the one I proposed. This leads CRIME towards a
          pedagogical charter, where people who don't know stuff learn from
          people that do
        * I have seen other posters advocating a more announcement-style
          list. More news, less chat.
    Personally, I advocate the latter: I am already on bugtraq, secproc, 
    secpapers, sectools, vuln-dev, firwall wizards, linux-security-audit, 
    linux-security-module (which we run, approx. 500 members and no 
    moderation), and a bunch of others that I can't remember right now. Each 
    has its own specialized topic, and I would rather that CRIME did not 
    re-hash a topic that is covered better elsewhere.
    So, I advocate a charter that is somewhere in between the two extremes, 
    biased towards the "announce" end: announce, and then discuss, issues 
    that are relevant to regional security/law practitioners. So it would be 
    topical to talk about a virus or attack that is being exploited locally 
    ("Hey, anyone seen one of these?") but would not be topical to ask 
    generic questions about (say) buffer overflows, which is better covered 
    in vuln-dev, and in a bunch of classical reference papers. Rather, 
    questions with better forums would be re-directed to those better forums 
    and references.
    But I could be wrong; perhaps people really do want a regional security 
    chat forum. I'll subscribe to the announce version only if that is what 
    is decided. I prefer my chat forums to be global.
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc.
    Security Hardened Linux Distribution:
    Available for purchase:

    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:37:29 PDT