Mailing List Archive

...from the archives, Weld Pond wrote:
> Vulnwatch is another full disclosure mailing list. It is an advisory only
> list. No discussions, just advisories. We have 3 moderators: RFP, Steve
> Manzuik, and me. Information is available at www.vulnwatch.org.

I dunno, weld. Naming the list "full-disclosure" certainly beats the point
home with more force than "vulnwatch". ;)
(not that I'm knocking vulnwatch.)

Of course, there's also the Yet-Another-Mailing-List factor. [1]

Then, there's also the added irony of the list archives only being
available to list members. But it's a brand new list, so I'll not
make too much noise about that.


...we could get into a debate about targeted email advertisements while
we're waiting for things to get started. That'd probably be off-topic,
though.



[1] (although, that's not exactly a bad thing.. I, personally, get so much
crap in my inbox that when serious issues do crop up, they're often
crossposted to all N mailing lists, which makes it stand out a little.
...And some lists deliver faster than others...)

--
Erik Fichtner; Unix Ronin
http://www.obfuscation.org/techs/
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Of course, there's also the Yet-Another-Mailing-List factor. [1]
>

The more the merrier. Having only one or two mailing lists that
report vulnerabilities is like having only one or two newspapers.
The key difference between VulnWatch and this new and welcomed
addition, is the fact that VulnWatch doesn't allow the discussions.
This was done because many complained that their mailbox would have
300+ messages a day which makes it easy to miss the important stuff..

> Then, there's also the added irony of the list archives only
> being available to list members. But it's a brand new list,
> so I'll not
> make too much noise about that.

Well, at least they have list archives. :-) Ours are still at
Neohapsis, mostly a time thing for us as all of the VulnWatch
moderators have day jobs that constantly run into after
hours.....blah...

> [1] (although, that's not exactly a bad thing.. I,
> personally, get so much
> crap in my inbox that when serious issues do crop up, they're
> often crossposted to all N mailing lists, which makes it
> stand out a little. ...And some lists deliver faster than
> others...)

One of the issues that causes a delay in message delivery is the
subscriber base. I know this was definitely true with Listserv --
the first few people to subscribe get messages nice and quick while
the last few get messages much later. Take Bugtraq for example, if
you are subscriber 10 you will most likely see the message long
before subscriber 20000 sees it. Mind you now that they are off of
Listserv this problem might have been addressed. I have yet to do
any performance testing for VulnWatch.

Unfortunately, cross posting is the only bad side to multiple mailing
lists.



Regards;



Steve Manzuik
Founder & Technical Lead
Entrench Technologies
www.entrenchtech.com

Moderator - VulnWatch
www.vulnwatch.org

- -=-=-=-=-=-=-=-=-=-=-=- www.csicon.net -=-=-=-=-=-=-=-=-=-=-=-

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPS0R9WWolZy6IFPhEQKBHQCglN9/EeJnXL/tlvf2ctRAp5JfjHEAn3Ui
5y5Z8hFLNQ92fwsD9SladIF2
=JMyf
-----END PGP SIGNATURE-----