Before this thread erupts into a flame war, it might be worth re-reading
the BugTraq charter.
<http://www.securityfocus.com/popups/forums/bugtraq/intro.shtml>
<http://tinyurl.com/32zlc>
A quick excerpt:
"BugTraq is a full disclosure moderated mailing list for the *detailed*
discussion and announcement of computer security vulnerabilities: what
they are, how to exploit them, and how to fix them."
From: Alun Jones [mailto:alun (at) texis (dot) com [email concealed]]
<snip>
> I really don't know why _you_ signed up for Bugtraq. Me, I
> signed up because someone posted an exploit for my software
> here some time ago, and didn't bother to tell me about it
> first. I'd like to think that isn't Bugtraq's purpose.
>
> I'd like to think that Bugtraq positions itself as something
> more than a semi-sneaky, behind-the-back-of-the-vendors rant
> group, or an assembly point for root-kit starters.
> Moderators, please stop accepting posts where the poster has
> stated specifically that they have not yet notified the
> vendor, or where the only new thing that is contributed is a
> more insidious version of an existing exploit. And posters,
> please consider carefully before you post whether what you
> post is going to contribute to an increase in security or a
> decrease in security. If you cannot claim that your post
> will help to improve security, then do us a favour and take
> it somewhere else.
<snip>
the BugTraq charter.
<http://www.securityfocus.com/popups/forums/bugtraq/intro.shtml>
<http://tinyurl.com/32zlc>
A quick excerpt:
"BugTraq is a full disclosure moderated mailing list for the *detailed*
discussion and announcement of computer security vulnerabilities: what
they are, how to exploit them, and how to fix them."
From: Alun Jones [mailto:alun (at) texis (dot) com [email concealed]]
<snip>
> I really don't know why _you_ signed up for Bugtraq. Me, I
> signed up because someone posted an exploit for my software
> here some time ago, and didn't bother to tell me about it
> first. I'd like to think that isn't Bugtraq's purpose.
>
> I'd like to think that Bugtraq positions itself as something
> more than a semi-sneaky, behind-the-back-of-the-vendors rant
> group, or an assembly point for root-kit starters.
> Moderators, please stop accepting posts where the poster has
> stated specifically that they have not yet notified the
> vendor, or where the only new thing that is contributed is a
> more insidious version of an existing exploit. And posters,
> please consider carefully before you post whether what you
> post is going to contribute to an increase in security or a
> decrease in security. If you cannot claim that your post
> will help to improve security, then do us a favour and take
> it somewhere else.
<snip>
[ reply ]