[Full-Disclosure] Symantec Change Posting Criteria (was Re: Administrivia)

From: Gwendolynn ferch Elydyr (gwenat_private)
Date: Mon Jul 07 2003 - 12:51:42 PDT

  • Next message: Adam Shostack: "Re: [Full-Disclosure] Symantec Change Posting Criteria (was Re: Administrivia)" 

    I've CC'd this email to full-disclosure, so that those folks that aren't
on pen-test are aware of the policy change to posting requirements on
that list - and potentially to more of the securityfocus lists. It's
interesting to note that the only list that appears to have an exemption
from this type of policy or arbitrary action is bugtraq.

On Mon, 7 Jul 2003, Alfred Huger wrote:
> Recently someone posted a question regarding a product (CORE Impact) to
> the list. These types of posts always make me leery because this industry,
> being what it is, rarely has anything nice to say about anything. Being a
> product vendor myself I am particularly aware of how ugly people can be.
> Often, if not always, when these come out the competitors to the product
> generate email addresses elsewhere and have their way. Or the vendor
> itself does the same thing and pumps their product.

When I first read this posting, I went and checked the headers, to see
if it was a forgery. The style seemed rather unlike AH, and the content
was (at best) distressing. To my chagrin, this actually appears to be
valid email.

> The list has 13,000 + people on it. Many of them decision makers so I need
> to be fairly careful about this. So here are the ground rules moving
> forward:
>
> 1.	If you want to post about a product  positive or negative you
> cannot do so from a Huhsmail or other such account.
>
> 2.	If you plan to post use your real name or do not post.
>
> 3.	Be polite  period.
>
> 4.	Do not use this as a forum to take shots at your competitor or I
> will see you and your company banned from every list we have here (except
> Bugtraq).

I have to ask.

Why?

Did the Symantec lawyers have a sudden bout of panic about potential
defamation lawsuits? Are there so many posts to the list that contain
problematic content?

This isn't full-disclosure, the last time I checked. To the best of
my knowledge, pen-test is a moderated list. Surely the moderator is
capable of noting the difference between "Your product sukz0rs" and
"The product proved unable to stand up to traffic above 100Mhz" - and
of passing the appropriate posting through, whether it has "John Doe"
or "thunderfallingdown" attached to it as a moniker.

Beyond that, threats seem inappropriate. "...I will see you and your
company banned from every list we have..." Has Symantec stooped to this
level, or is this personal opinion.

I lament the former list - and the free flow of useful information.

cheers!
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

    This archive was generated by hypermail 2b30 : Mon Jul 07 2003 - 15:16:34 PDT