oss-sec mailing list archives
Re: wiki
From: Solar Designer <solar () openwall com>
Date: Mon, 18 Feb 2008 22:16:53 +0300
On Mon, Feb 18, 2008 at 08:56:16AM -0700, Vincent Danen wrote:
Hmmm... so where's the Openwall vendor info, eh? <wink wink> =)
Added. Earlier today, I wrote:
Also, I've noticed what I think is a major issue with the wiki - although it is configured to obfuscate e-mail addresses, it only does so when displaying the latest revision of a page. Older revisions and page source appear with the e-mail addresses intact, ready to be grabbed by a "spambot".
It turned out that the older revisions were also subject to automated e-mail address obfuscation, and the reason I got confused was that I was looking specifically at the welcome page where you did not enter this list's address in the DokuWiki-supported format right away. And it only obfuscates e-mail addresses it recognizes - not anything with an @-sign. So we need to be very careful about this - e-mail addresses must be entered as <user () example org> - with the angle brackets. Anyway, I went ahead and corrected this in the old revisions for the welcome page (using VIM on files in the attic) - I hope you don't mind. As to page source, I've disabled the view source / export raw feature. Of course, logged in users with page editing rights can view the source with non-obfuscated e-mail addresses anyway, but let's hope "spambots" are not that good yet - and at a later time we might want to (or have to) revoke page editing rights for new user accounts anyway.
... I think that some of the content to add would be list charter for oss-security (Josh?) and official(?) or primary description of vendor-sec. For the latter, we can take the text from the recently created Wikipedia page - http://en.wikipedia.org/wiki/Vendor-sec - then have the Wikipedia page backed by the already-public info on our wiki.These sound like good ideas to me. Particularly the bit on vendor-sec.
OK, so who is to create the page on vendor-sec? It'd be great if the same people who edited the Wikipedia page would do it, but Steve Kemp did not join us on this list - and I can't force people to join... OK, maybe I can ask him about that.
I think for this to become effective, we need to expose it more
We'll definitely expose the oss-security wiki. I am going to mention it in one of Openwall news items and in an announcement list posting.
and at the same time we can expose vendor-sec a little bit more too.
Yes, this is what will happen, and it appears that vendor-sec members are either for greater exposure or feel neutral about it. Alexander
Current thread:
- wiki Solar Designer (Feb 16)
- Re: wiki Vincent Danen (Feb 17)
- Re: wiki Solar Designer (Feb 18)
- Re: wiki Vincent Danen (Feb 18)
- Re: wiki Solar Designer (Feb 18)
- Re: wiki - e-mail address obfuscation Solar Designer (Feb 18)
- Re: wiki - e-mail address obfuscation Solar Designer (Feb 19)
- Re: wiki - e-mail address obfuscation (GalaxyMaster) (Feb 19)
- Re: wiki Solar Designer (Feb 18)
- Re: wiki Vincent Danen (Feb 19)
- Re: wiki Vincent Danen (Feb 17)
- Re: wiki Josh Bressers (Feb 18)
- charter Jonathan Smith (Feb 18)
- Re: charter Josh Bressers (Feb 19)
- Re: charter Mark J Cox (Feb 19)
- Re: charter Vincent Danen (Feb 19)
- Re: charter - advisories Solar Designer (Feb 19)