Russ Allbery <[EMAIL PROTECTED]> writes on 23 July 2000 at 22:54:44 -0700
> Eric Cox <[EMAIL PROTECTED]> writes:
>
> > Some would argue that MAPS abused their position when they listed ORBS -
> > they do have a competing service, do they not?
>
> And ORBS is both spamming and operating a spam support service under the
> definition of that service. Suppose you run a security consulting service
> and as part of that service you publish vulnerabilities in commonly used
> products, as well as provide a network scanner. Now suppose you find a
> security vulnerability in someone else's network scanner. Do you publish
> that vulnerability?
Of course you do; being *very* careful to get it right, since people
will be inclined to see any mistake you make as a deliberate attack on
your competition. (And after giving them reasonable advance notice).
This is the full disclosure argument all over again, isn't it?
I don't mind ORBS publishing the list of known open relays, and I
don't mind ORBS accepting open-relay reports based on scans (or even
running their own).
I find RSS not adequate and RBL badly inadequate (though I continue to
use it to help them be the big stick you describe, a goal I definitely
support and which I have seen work well).
I'd like to use ORBS, but in fact I find the politics intolerable and
the arbitrary behavior too risky. I don't know the details of the
alleged "spamming" -- it sounds like they're bulk-mailing stuff to the
admins of open relays?
--
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
