The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: Unix 'Security Mailing List' - Archives (1984 - 1987)
DOCUMENT: Unix 'Security Mailing List' #35 not known (1 file, 2216 bytes)
SOURCE: http://securitydigest.org/exec/display?f=unix/archive/035.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT


Subject: #35 - Unix Security Mailing List

Topics:

	Admin and new members

----------------------------------------------------------------------

Newcomers to the list since last issue:

	Eliot Lear (lll-winken!net.bio.net!lear)
	Eric Johnson (gatech!ufl.edu!esj)
	Edward M. Rynes (gatech!cwjcc.cwru.edu!root)
	Lawrence A. Deleski (rutgers!uunet!eplrx7!lad)
	Pat Parseghian (rutgers!Princeton.EDU!pep)
	Paul Graham (rutgers!unrvax.unr.edu!root)
	James B. O'Connor (gatech!FSC.COM!root)
	Greg Woods (isis!ncar!woods)
	Elizabeth A Zaenger (gatech!zippy.eecs.umich.edu!liz)
	Chuck Huffington (lll-winken!lll-crg!ames!uw-beaver!microsoft!apex!chuckh)
	Eric Volpe (rutgers!cmcl2!yale!spock!eric)
	Joel Shprentz (rutgers!bdm.com!shprentz)
	Raymond Carey Smith (lll-winken!netsys!anagld!rcsmith)

----------------------------------------------------------------------
Welcome and welcome back to the Unix Security Mailing List!

I anticipate that the list will be run much the same as it was prior to
The Great Hiatus, so I don't have all that much to say as we start off
again.

The essential points are these...

(1)	Send submissions to security@isis.  Send administrative matters
	to sec-request@isis.  Don't send anything to sec-mailer@isis,
	this is just a dummy alias to prevent returned issues from flooding
	my personal mailbox.  Don't send things to my personal address,
	it gets plenty of mail as it is.

(2)	Please keep an eye on the "Newcomers" column.  As before, these are
	newly joined members, people who have passed the "official" tests
	needed to join -- namely at least one largish site's root has
	vouched for them -- but who may yet need to be scrutinized.  No
	one has ever been kicked off the list, but that doesn't mean you
	all can give up the vigil...

(3)	There are now multiple Unix security lists.  Neil Gorsuch
	(neil@cpd.com) started a list about the time I was getting this
	list back together.  We agreed that "less sensitive" information
	would be published on his list, keeping the sensitive material
	for this list.

	I will gateway all his material onto this list, so you need not
	explicitly join his list (unless you want to).

(4)	I want to clear up an unimportant misconception:  I started
	rejuvenating this list before the worm attack, even before Neil
	started up his list.  I hadn't made an announcement to the net,
	granted, but work was well underway.  This is just to set the
	record straight, for my own satisfaction.  (A few people suggested
	the list was restarted only because of other events, an allegation
	that hurt my pride a teeny bit.  I will admit that events have
	spurred on the rejuvenation process faster than it was going, though.)

(5)	Security of this list itself.  People (including some on the
	(soon-to-be-defunct?) phage list) felt a list that goes out by
	mail can't be secure enough for the types of material this list
	will contain.  I have mixed emotions about this.  I agree on the
	surface, but feel that most of the sites along the uucp paths
	to member sites could probably apply and be accepted to this list
	without any problem.

	However, I want to bring it to the membership to discuss.  The
	alternatives I see (that I can easily implement) would be:
		- requiring members to connect directly with a relay site.
		- requiring members to find an existing member site and
			force the list to only propagate along branches
			that are all member sites.
		- setting up a dedicated machine that calls each member
			site (this would require $$$, and joining the
			list would then cost real money).  I'm not keen
			on this idea, but it would be far more secure.

(6)	I'm debating whether to post the phage list contents or not.  There
	has been an awful lot of it.  I'm tempted to add it to the archives
	but not specifically send it all out.  I don't know what the total
	is, but I imagine 500k-1Mb of text.  Send "votes" to sec-request.
	If there is a lot of interest in me posting the lot of it I will.

(7)	Old material -- stuff that was in the queue from around a year
	ago destined for the old list:  Send it out now, or start from
	scratch?  Or slowly integrate it into the new postings?  Or just
	put it into the archive?  Suggestions welcome.
----------------------------------------------------------------------

                        The UNIX Security Mailing List

                  Ignore the headers on this list and mail to:
                  ...!ncar!isis!security (mail for the list).
                  ...!ncar!isis!sec-request (administrativia).

END OF DOCUMENT