From: Alfred Huger (ah@securityfocus.com)
Date: Tue Jul 08 2003 - 16:50:51 EDT
OK, this thread is interesting but it's going to dilute the list in short
order. After business MST the thread will be dead. I'll be happy to
entertain it person to person if people want. Now onto your points.
On Tue, 8 Jul 2003, Gwendolynn ferch Elydyr wrote:
> I expect that you'd drop a posting from -any- entity that had abusive
> or blatantly off content.
I do too but that's not what your post said. To wit:
"If you are moderating postings, than I'd expect you to drop postings that
are clearly inappropriate or obviously damaging."
Obviously damaging and "clearly inappropriate" are hardly mutually
exclusive terms. But I digress.
> -That- has yet to be proven. It certainly isn't at all aparent from
> what you've written to date that protection of vendors isn't one
> of your primary goals.
I am not engaging in this discussion to prove my integrity which is what
you're indirectly speaking to. This discussion was meant to serve as a
sounding board on the issue of vendor reviews and poster accountability.
You're looking for a witch-hunt and there is none to be had here. I've now
gone from secret government cabal agent to mouthpiece for the vendor
community and a dishonest one at that (is there any other type?).
You know a guy can only stomach so many insults. This is what you need to
do. Revisit your meds (you're not taking enough) change out of the Che
Guevara tee-shirt (he was bright - you shame him) and get some fresh air.
After you've managed that and counted to ten bring yourself to realize
that there is no conspiracy afoot here. No hidden backroom dealings or
secret arrangements. Not everything needs to be dramatic. Save your torch
and your personal snipes for a world full of issues that would actually
benefit from them.
> Please try. I'm really quite curious to understand what you believe
> that you're trying to acomplish.
>
I think we are both clear that's a futile endeavor at this point.
> I'm a bit boggled that you can look at both general and specific
> instances in the software industry, but not specifically the security
> industry, and somehow believe that "That can't happen here".
I'm a bit boggled as to why you've not answered the question. I'll forgoe
everyone here the suspense. It's never happened for a product review in
this industry - ever. And I am really quite sure it never will. Being a
vendor mouth piece I have the inside track don't forget.
>
> At any rate, I'm well aware that the list and its moderators are not
> in the US. Calgary, if I recall correctly. Obviously you need no
> reminding that not all subscribers are in the US, either[0].
Nope, I am well aware of where they are as apparently are you. So should
you ever (and I am praying not) see fit to pull sites based largely around
American privacy and constitutional issues out of your bag of tricks, try
to keep it in mind.
> > >>...and I'd ask again, "accountable"? Does that mean 'has an established
> > >>dentity online'
> > Thats a good start actually.
>
> How does that treat people like Rain Forest Puppy and Mudge, whose online
> identies are clearly not real names?
That's a good question. I think I would lean towards allowing it given
they are well known entities and are already professionaly accountable.
Both Rfp, Hobbit, Mudge et. al. all work and thrive in this industry and
are well known both with their handles and without.
> determine whether somebody is posting from an appropriate "accountable"
> address.
I'm still trying to work that one out - I think it's tenable but have no
answers yet. I may have to consult with my handlers in the CIA/IEEE/NSA
for some sage advice on that one. Or perhaps get some more intelligent
discussion out of the list.
-al
---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.
Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:35 EDT