oss-sec mailing list archives

Re: wiki

From: Solar Designer <solar () openwall com>
Date: Mon, 18 Feb 2008 22:16:53 +0300

On Mon, Feb 18, 2008 at 08:56:16AM -0700, Vincent Danen wrote:

Hmmm... so where's the Openwall vendor info, eh?  <wink wink>  =)


Added.

Earlier today, I wrote:

Also, I've noticed what I think is a major issue with the wiki -
although it is configured to obfuscate e-mail addresses, it only does so
when displaying the latest revision of a page.  Older revisions and page
source appear with the e-mail addresses intact, ready to be grabbed by a
"spambot".


It turned out that the older revisions were also subject to automated
e-mail address obfuscation, and the reason I got confused was that I was
looking specifically at the welcome page where you did not enter this
list's address in the DokuWiki-supported format right away.  And it only
obfuscates e-mail addresses it recognizes - not anything with an @-sign.
So we need to be very careful about this - e-mail addresses must be
entered as <user () example org> - with the angle brackets.  Anyway, I went
ahead and corrected this in the old revisions for the welcome page
(using VIM on files in the attic) - I hope you don't mind.

As to page source, I've disabled the view source / export raw feature.
Of course, logged in users with page editing rights can view the source
with non-obfuscated e-mail addresses anyway, but let's hope "spambots"
are not that good yet - and at a later time we might want to (or have
to) revoke page editing rights for new user accounts anyway.

... I think that some of the content to add would be list charter for
oss-security (Josh?) and official(?) or primary description of
vendor-sec.  For the latter, we can take the text from the recently
created Wikipedia page - http://en.wikipedia.org/wiki/Vendor-sec - then
have the Wikipedia page backed by the already-public info on our wiki.


These sound like good ideas to me.  Particularly the bit on vendor-sec.


OK, so who is to create the page on vendor-sec?  It'd be great if the
same people who edited the Wikipedia page would do it, but Steve Kemp
did not join us on this list - and I can't force people to join... OK,
maybe I can ask him about that.

I think for this to become effective, we need to expose it more


We'll definitely expose the oss-security wiki.  I am going to mention it
in one of Openwall news items and in an announcement list posting.

and at the same time we can expose vendor-sec a little bit more too.


Yes, this is what will happen, and it appears that vendor-sec members
are either for greater exposure or feel neutral about it.

Alexander

Current thread:

wiki Solar Designer (Feb 16)
- Re: wiki Vincent Danen (Feb 17)
  - Re: wiki Solar Designer (Feb 18)
    - Re: wiki Vincent Danen (Feb 18)
    - Re: wiki Solar Designer (Feb 18)
    - Re: wiki - e-mail address obfuscation Solar Designer (Feb 18)
    - Re: wiki - e-mail address obfuscation Solar Designer (Feb 19)
    - Re: wiki - e-mail address obfuscation (GalaxyMaster) (Feb 19)
    - Re: wiki Vincent Danen (Feb 19)
    - Re: wiki Josh Bressers (Feb 18)
    - charter Jonathan Smith (Feb 18)
    - Re: charter Josh Bressers (Feb 19)
    - Re: charter Mark J Cox (Feb 19)
    - Re: charter Vincent Danen (Feb 19)
    - Re: charter - advisories Solar Designer (Feb 19)

(Thread continues...)