) (10/11/88)
Can someone comment as to when the security list will
be "active" again? The sysadmin and I (the newsadmin) would
very much like to be on this list, and have twice mailed
to it from root within the last six months without getting a reply
(I didn't know it was inactive at the time, but I thought I would
at least get a reply!) To refresh memories, I have included the
writeup below. If this list is going to be out of service for a while,
perhaps it is time to start another list somewhere? Thank you.
dan
security
Contact: {ncar,nbires,pyramid,udenva}!isis!sec-request (Andrew Burt)
*** Currently inactive ****
Purpose: Discussion and comment (and sometimes bug fixes) which
touch on the security aspects of the UNIX operating system. This
mailing list is joined at the pleasure of the applicant's System
Administrator and/or the list administrator.
Requests to join must be mailed from the root account and must
specify (1) the full name of the recipient; (2) the address to send
the list to; (3) the address of the contact person for that site
(if different from (2)).
--
DanSmith IslandGraphics 4000CivicCenterDr SanRafael MarinCo CA 94903 4154911000
daniel@island.uu.net {ucbvax!ucbcad,sun,well,unicom,mcvax!uunet}!island!daniel
415 332 FAST(h) 491 0402(Fax)|d: Nobodys' fault but mine| UnixFeastsMusicFilm
President Quayle?...are you kidding? Bush is bad enough. Vote for Dukakisspaf@cs.purdue.edu (Gene Spafford) (10/12/88)
The question: why is the security mailing list dormant, and how long
will it stay that way?
Answer: it is dormant because it grew so large that no site can be found
where they are willing to host the mailing list -- sending out many
hundreds of mail messages at once is quite a load on many mailers.
The obvious question is, why not turn it into a newsgroup? Because the
moderator doesn't want to broadcast the contents, including hole
information. The list was assembled with some small care that only
sysadmins at well-known sites would be included in the list.
If anyone is willing to host the mailing list at their site, please
send mail to Andrew Burt -- he'd love to hear from you.
--
Gene Spafford
NSF/Purdue/U of Florida Software Engineering Research Center,
Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004
Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaflmb@vsi1.UUCP (Larry Blair) (10/13/88)
In article <5093@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford) writes:
=
=The question: why is the security mailing list dormant, and how long
=will it stay that way?
=
=Answer: it is dormant because it grew so large that no site can be found
=where they are willing to host the mailing list -- sending out many
=hundreds of mail messages at once is quite a load on many mailers.
Why not break the list into regions and have a mail server in each region?
The main server would then only have to mail to an alias on each regional
server.
--
Larry Blair ames!vsi1!lmb lmb%vsi1.uucp@ames.arc.nasa.govbch@ecsvax.uncecs.edu (Byron C. Howes) (10/14/88)
Given the discussion in this newsgroup about discussing security issues publicly vs. privately is the case against a newsgroup instead of a mailing list really compelling? I don't think so. I'd argue for a newsgroup, possibly moderated to filter out misdirection. (The moderator of such a group would have to be more knowledgeable than most about security.) Or, if a mailing list is perceived to be better, couldn't it be made manageable by regionalizing it? Ecsvax is a mail feed to a small number of the sites whose sysadmins were on the old security mailing list. I'd be happy to set up a mail alias to feed sites in my area which means that only one copy of the digest needs to be sent out from the distribution point for that set of addresses. I was sorry to see the list die and hope it can be brought back in some incarnation. -- Byron C. Howes Computer Systems Manager bch@uncecs.edu UNC Educational Computing Service
jbayer@ispi.UUCP (id for use with uunet/usenet) (10/14/88)
In article <5093@medusa.cs.purdue.edu>, spaf@cs.purdue.edu (Gene Spafford) writes: > > The question: why is the security mailing list dormant, and how long > will it stay that way? > > Answer: it is dormant because it grew so large that no site can be found > where they are willing to host the mailing list -- sending out many > hundreds of mail messages at once is quite a load on many mailers. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I will now exhibit my ignorance (please, no flames). Is it possible to send 1 mail message to another machine (like uunet) and have that machine distribute the message to the rest of the mailing list? If it is, then it might be possible to support this mail list at our site. Jonathan Bayer Intelligent Software Products, Inc.
matt@oddjob.uchicago.edu (Matt Crawford) (10/15/88)
Suppose the task of reviving the security list were divided up this way: One person checks the new members as Lyle McElhaney used to do. Another is the moderator and hosts the list. Several others run remailing sites which are on the internet and support the SMTP "EXPN" command. That way the first two could keep tabs on the others. I am willing to volunteer for any of those positions except the first. Matt Crawford
soley@ontenv.UUCP (Norman S. Soley) (10/15/88)
In article <5093@medusa.cs.purdue.edu>, spaf@cs.purdue.edu (Gene Spafford) writes: > > The question: why is the security mailing list dormant, and how long > will it stay that way? > > Answer: it is dormant because it grew so large that no site can be found > where they are willing to host the mailing list -- sending out many > hundreds of mail messages at once is quite a load on many mailers. > > The obvious question is, why not turn it into a newsgroup? Because the > moderator doesn't want to broadcast the contents, including hole > information. The list was assembled with some small care that only > sysadmins at well-known sites would be included in the list. > > If anyone is willing to host the mailing list at their site, please > send mail to Andrew Burt -- he'd love to hear from you. A technique I've seen used effectively to deal with very large mailling lists is the use of regional 'expanders'. Essentially the moderator keeps a meta-list of aliases on a dozen or so machines which each have a chunk of the real list for their respective geographic area. It's a lot more work for the moderator and the regional expander sysadmins need to be trusted types, both to keep undesireables from reading the list and to put the work in to keep the whole thing from crashing down. But if machine resources are the only problem... -- Norman Soley - Data Communications Analyst - Ontario Ministry of the Environment UUCP: uunet!attcan!lsuc!ncrcan!ontenv!soley VOICE: +1 416 323 2623 OR: soley@ontenv.UUCP
jep@fantasci.UUCP (Joseph E Poplawski) (10/20/88)
In article <5588@ecsvax.uncecs.edu> bch@ecsvax.UUCP (Byron C. Howes) writes: > >Or, if a mailing list is perceived to be better, couldn't it be made >manageable by regionalizing it? Ecsvax is a mail feed to a small >number of the sites whose sysadmins were on the old security mailing >list. I'd be happy to set up a mail alias to feed sites in my area >which means that only one copy of the digest needs to be sent out >from the distribution point for that set of addresses. > Being the system administrator of system 'fantasci', I would also be willing to set up a "re-distribution" point for the mailing list. Or if it were to go regional, I may be able to take care of this area with some guidance from an experienced mailing list coordinator... The idea of having a central origination point sending out single copies to "re-distribution" points is a good idea... -Jo ------------------------------------------------------------------------------- | Joseph E Poplawski (Jo) US Mail: 1621 Jackson Street | | Cinnaminson NJ 08077 | | UUCP:..!rutgers!rochester!moscom!telesci!fantasci!jep | | ..!princeton!telesci!fantasci!jep | | ..!pyrnj!telesci!fantasci!jep Phone: +1 609 786-8099 home | ------------------------------------------------------------------------------- | He who dies with the most toys wins! | -------------------------------------------------------------------------------
root@zardoz.UUCP (Operator) (10/23/88)
>In article <5093@medusa.cs.purdue.edu>, spaf@cs.purdue.edu (Gene Spafford) writes: >> If anyone is willing to host the mailing list at their site, please >> send mail to Andrew Burt -- he'd love to hear from you. I am willing to host the security mailing list. I sent mail to Andrew Burt at isis a little while back, but it must have been swallowed somewhere along the way. I am sending another message to "postmaster" at isis to duplicate this posted article. zardoz is fairly well connected (1 hop from uunet), and I believe that it has the capacity to handle many mail messages. Assuming that Andrew Burt answers this article or the e-mail I'm sending to isis's postmaster, the mail list will be set up as follows: 1. For now, it will be a mail reflector, to a list maintained by me consisting of root accounts on any machine of reasonable size. 2. Non-root accounts will be added to the list when requested by a root account on the same machine that is already in the list. 3. I will later set up a simple program that only allows accounts listed in the list to post TO the list. I assume that this kind of thing has been done before, so feel free to send me this software, if you have it. 4. The received submissions will not be edited, controlled, refused, or altered in any way, except for provision 3 above. 5. Custom Product Design Inc. assumes no liabalilty for any information posted through the list, or for any subsequent damages caused by any posting on the list. 6. Accounts will be removed from the list at my discretion when I feel that any poster is consistantly posting non-security related information or is using this list for personal attacks or "flames". 7. Requests to be added to the list should be mailed to sec-request@cpd.com 8. Postings to the list should be mailed to security@cpd.com 9. cpd.com is zardoz.UUCP, reached by the path ...!uunet!ccicpg!zardoz If the volume of mail becomes too large, I will continue to run the list under the following additional conditions: 10. No new accounts will be added to the list unless there is a regional re-distribution site reasonably close to that site that is willing to accept another more accounts on their regional distribution list. 11. Re-distribution sites will be accepted in any area, as long as they only accept postings that go through this site (because of provision 3 above). Neil J. Gorsuch root@cpd.com uunet|{ccpcig,spsd}|zardoz!root (714) 547-3000 Custom Product Design, Inc. 1430 S. VIllage Way, Unit Q Santa Ana, CA 92705 USA
neil@zardoz.UUCP (Neil Gorsuch) (10/26/88)
In article <29707@zardoz.UUCP>, root@zardoz.UUCP (Operator) writes: > >In article <5093@medusa.cs.purdue.edu>, spaf@cs.purdue.edu (Gene Spafford) writes: > >> If anyone is willing to host the mailing list at their site, please > >> send mail to Andrew Burt -- he'd love to hear from you. > > I am willing to host the security mailing list. > ... > 7. Requests to be added to the list should be mailed to sec-request@cpd.com > 8. Postings to the list should be mailed to security@cpd.com > 9. cpd.com is zardoz.UUCP, reached by the path ...!uunet!ccicpg!zardoz In the first 3 days, 13 members have been added to the new security mailing list. I have sent mail to the original security list administrators, requesting the previous member list, so that I can have this computer send out notifications and information on joining. Mail has been sent to Gene Spafford requesting that this list be re-activated. A program will be added that prevents anyone not a member of this list from posting on it. If anyone has access to the program "mailaway", please send it here, otherwise I will have to write my own :<). Neil Gorsuch root@cpd.com !zardoz!root
mem@zinn.MV.COM (Mark E. Mallett) (10/26/88)
In article <29707@zardoz.UUCP> root@zardoz.UUCP (Operator) writes: >I sent mail to Andrew Burt >at isis a little while back, but it must have been swallowed somewhere >along the way. Quite some time ago, I (as root) sent mail to isis!sec-request asking to be put on the security mailing list. It didn't work, nor did I get a reply. I simply assumed that either the list didn't exist, or they didn't accept outsiders. Apparently I'm not the only one! -mm- -- Mark E. Mallett Zinn Computer Co/ PO Box 4188/ Manchester NH/ 03103 Bus. Phone: 603 645 5069 Home: 603 424 8129 uucp: mem@zinn.MV.COM ( ...{decvax|elrond|harvard}!zinn!mem ) BIX: mmallett