[gentoo-dev] Spam on gentoo-security mailing list

public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-dev] Spam on gentoo-security mailing list
@ 2002-09-27  8:40 Dave Mertens
  2002-09-27  8:47 ` Kevyn Shortell
  0 siblings, 1 reply; 4+ messages in thread
From: Dave Mertens @ 2002-09-27  8:40 UTC (permalink / raw
  To: gentoo-dev

Can someone please tell me how it is possible to send SPAM over a security mailinglist!

I just received over the gentoo-security mailinglist a spam for a ISP in Argentina. I hope for you guys that the gentoo-security list is moderated, otherwise i have serious doubts about the security inside the gentoo distro..

With best regards,

Dave Mertens - Unix Systems Manager

Innovative Solutions in Media BV
Schiekade 101
3033 BG  Rotterdam, Netherlands
T +31-10-2436060
F +31-10-2436066
http://www.ism.nl

Quality Solutions - Reliable Partner

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [gentoo-dev] Spam on gentoo-security mailing list
  2002-09-27  8:40 [gentoo-dev] Spam on gentoo-security mailing list Dave Mertens
@ 2002-09-27  8:47 ` Kevyn Shortell
  2002-09-27  9:11   ` Dave Mertens
  0 siblings, 1 reply; 4+ messages in thread
From: Kevyn Shortell @ 2002-09-27  8:47 UTC (permalink / raw
  To: dmertens, gentoo-dev

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="utf-8", Size: 1333 bytes --]

The list is to discuss functions relating to security itself, how do you improve your system those kind
of things. warnings relating to security. anyone can post questions to a list.

Your gentoo system, is as secure as you the builder of that box, set it up to be. If you emerge 'unsecure'
things, then you'll have an less than secure box.

So how does a public mailing list for discussing security issues or announcements, have any bearing on the actual security of a product? 

Kevyn
----- Original Message ----- 
From: "Dave Mertens" <dmertens@ism.nl>
To: <gentoo-dev@gentoo.org>
Sent: Friday, September 27, 2002 1:40 AM
Subject: [gentoo-dev] Spam on gentoo-security mailing list


> Can someone please tell me how it is possible to send SPAM over a security mailinglist!
> 
> I just received over the gentoo-security mailinglist a spam for a ISP in Argentina. I hope for you guys that the gentoo-security list is moderated, otherwise i have serious doubts about the security inside the gentoo distro..
> 
> With best regards,
> 
> Dave Mertens - Unix Systems Manager
> 
> Innovative Solutions in Media BV
> Schiekade 101
> 3033 BG  Rotterdam, Netherlands
> T +31-10-2436060
> F +31-10-2436066
> http://www.ism.nl
> 
> Quality Solutions - Reliable Partner
>  ^f)+-Ö ^\a(\bm+-\a(\x0f j)fj\x7f b? í¢‡^



^ permalink raw reply	[flat|nested] 4+ messages in thread

* RE: [gentoo-dev] Spam on gentoo-security mailing list
  2002-09-27  8:47 ` Kevyn Shortell
@ 2002-09-27  9:11   ` Dave Mertens
  2002-09-27 11:13     ` Moritz Schulte
  0 siblings, 1 reply; 4+ messages in thread
From: Dave Mertens @ 2002-09-27  9:11 UTC (permalink / raw
  To: Kevyn Shortell, gentoo-dev

>  The list is to discuss functions relating to security itself, 
>  how do you improve your system those kind
>  of things. warnings relating to security. anyone can post 
>  questions to a list.
What has SPAM todo with security?!

>  Your gentoo system, is as secure as you the builder of that box, 
>  set it up to be. If you emerge 'unsecure'
>  things, then you'll have an less than secure box.
We're testing currently the gentoo distro if it can be used in a production environment. Within that test is also included the quality of the mailinglists of the maintainer of the distro, in this case Gentoo.

>  So how does a public mailing list for discussing security issues 
>  or announcements, have any bearing on the actual security of a product? 
They reflect on each other. Gentoo has setup a mailinglist where it's possible to send SPAM to, this only because the list is not moderated.
Mailinglist are easy stuff. And because the security of the mailinglist is not that good, so why should the distro than even have better security policy?

The gentoo maintainers have to decide whether a post is qualified to be posted to a list. And what if i announce on the security list that Gentoo has a enormous security bug in it's portage system, while it's not true. 

We're subscribed on two mailinglists gentoo-security and gentoo-annouce. Almost every announcement we get three times! One send by the gentoo-security list, the other by the gentoo-annouce list and than we receive a annoucement over both lists..

Further, Announcement of new or upgraded packages shouldn't be on the security list, they belong on the accounce list. Announcements that contains bugs or bug-fixes they belong on the security list.
For example, what has the release of Gentoo 1.4rc1 todo with security?? That's clearly a announcement. 

With best regards,

Dave Mertens - Unix Systems Manager

Innovative Solutions in Media BV
Schiekade 101
3033 BG  Rotterdam, Netherlands
T +31-10-2436060
F +31-10-2436066
http://www.ism.nl

Quality Solutions - Reliable Partner

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [gentoo-dev] Spam on gentoo-security mailing list
  2002-09-27  9:11   ` Dave Mertens
@ 2002-09-27 11:13     ` Moritz Schulte
  0 siblings, 0 replies; 4+ messages in thread
From: Moritz Schulte @ 2002-09-27 11:13 UTC (permalink / raw
  To: dmertens; +Cc: Kevyn Shortell, gentoo-dev

"Dave Mertens" <dmertens@ism.nl> writes:

> What has SPAM todo with security?!

Eh, isn't it part of the definition of SPAM, that it does not have any
context?

> We're testing currently the gentoo distro if it can be used in a
> production environment. Within that test is also included the
> quality of the mailinglists of the maintainer of the distro, in this
> case Gentoo.

I have my doubts about mailinglists being a good way to judge the
quality of a project.

> They reflect on each other. Gentoo has setup a mailinglist where
> it's possible to send SPAM to, this only because the list is not
> moderated.

So, in your opinion all lists should be moderated?  Spam is annoying,
of course, but making all lists moderated is not a solution in my
opinion, because it makes communication also more complicated in a
way.  Look at (open) mailinglists as some kind of technical mechanism.
Not more.  It is the then users job to read what he wants to read and
to skip what he wants to skip.  He can install filters on his
computer, if he wants to.

> Mailinglist are easy stuff. And because the security of the
> mailinglist is not that good, so why should the distro than even
> have better security policy?

"The security of the mailinglist is not good" does not make much
sense; I cannot see any security leak, because the list worked as
expected.  Or can you see a security leak?

> The gentoo maintainers have to decide whether a post is qualified to
> be posted to a list.

I disagree.

> And what if i announce on the security list that Gentoo has a
> enormous security bug in it's portage system, while it's not true.

There should be way to proove wether such a posting is a fake or not -
for instance via signatures.

		moritz
-- 
moritz@duesseldorf.ccc.de - http://duesseldorf.ccc.de/~moritz/
GPG fingerprint = 3A14 3923 15BE FD57 FC06  B501 0841 2D7B 6F98 4199

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2002-09-27 11:02 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-09-27  8:40 [gentoo-dev] Spam on gentoo-security mailing list Dave Mertens
2002-09-27  8:47 ` Kevyn Shortell
2002-09-27  9:11   ` Dave Mertens
2002-09-27 11:13     ` Moritz Schulte

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox