Re: [Openpacket-devel] New Beta Site Live
Brought to you by:
crazy_j,
taosecurity
Menu
▾
▴
Re: [Openpacket-devel] New Beta Site Live
|
From: Aaron T. <syn...@gm...> - 2007-10-16 20:03:13
|
On Oct 16, 2007 12:35 PM, Richard Bejtlich <tao...@gm...> wrote: > On 10/16/07, Aaron Turner <syn...@gm...> wrote: > > > > Heh, well I guess that's the difference between you and I... I would > > create a "wall of sheep" equivalent for pcap's people upload. :) > > > > Hey Aaron, > > I think such a wall would prompt calls from lawyers, and we don't have > the resources to fight such battles! A properly worded terms of service/notice when uploading files should help here, but let's be honest here... Sooner or later the lawyers will come. If you haven't yet talked to a lawyer about CYA yet, you should. That being said, it's not your fault someone is stupid and uploads a pcap with their username/password in clear text and half the internet reads all their email. It should be the responsibility of the uploader to make sure the information they are providing isn't damaging. Asking you and your team of moderators to make that decision is quite onerous and can't possible take into account different security requirements of each uploader. Example: the security requirements of a bank or gov't contractor would be quite different from something that came from a throwaway test lab at a security company doing exploit research. Basically, you'd have to be quite conservative which means rejecting anything with the slightest security risk. > > On a side note, is there a way to get the list to properly set the > > Reply-To: header? > > > > What did you have in mind? The current setup is the Sourceforge > default, if it matters. I would set it up so that the Reply-To is back to the list. -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin |
