Jeffrey_Korte/HR/FCNB/Spgla@private wrote:
>Well, I respectfully disagree with you and I'm sure that you didn't mean to
>infer that I am being unreasonable, thoughtless or unprofessional simply
>because I have a different take on the matter.
>
I certainly did NOT mean to imply that! On the contrary, my experience
with CRIME people is that they are quite reasonable and professional.
My point is that at present there are no rules, and therefore
everything that has been posted by CRIME participants is nominally
within bounds.
>I don't dispute that a charter is needed, the question is - is it enough?
>Who will moderate this new forum? Who has time to undertake it?
>
The standard procedure for managing a mailing list is to first spell out
a policy that describes appropriate content, and then if people cannot
follow that policy, impose moderation to enforce the policy. Many
smaller communities (and CRIME is a small community) can exist quite
happily with only a charter (to remind people of what is "on topic") and
a closed list server (to keep out spammers and other non-community trolls).
>Not trying to be difficult. :) As I stated weeks ago, I joined CRIME to
>obtain and pass along useful information dealing with information security
>issues and the like.
>
Perhaps you do have a point about splitting the list:
* I have seen several posters advocating a broader, more inclusive
charter than the one I proposed. This leads CRIME towards a
pedagogical charter, where people who don't know stuff learn from
people that do
* I have seen other posters advocating a more announcement-style
list. More news, less chat.
Personally, I advocate the latter: I am already on bugtraq, secproc,
secpapers, sectools, vuln-dev, firwall wizards, linux-security-audit,
linux-security-module (which we run, approx. 500 members and no
moderation), and a bunch of others that I can't remember right now. Each
has its own specialized topic, and I would rather that CRIME did not
re-hash a topic that is covered better elsewhere.
So, I advocate a charter that is somewhere in between the two extremes,
biased towards the "announce" end: announce, and then discuss, issues
that are relevant to regional security/law practitioners. So it would be
topical to talk about a virus or attack that is being exploited locally
("Hey, anyone seen one of these?") but would not be topical to ask
generic questions about (say) buffer overflows, which is better covered
in vuln-dev, and in a bunch of classical reference papers. Rather,
questions with better forums would be re-directed to those better forums
and references.
But I could be wrong; perhaps people really do want a regional security
chat forum. I'll subscribe to the announce version only if that is what
is decided. I prefer my chat forums to be global.
Crispin
--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:37:29 PDT