Hi Ben, On 11/01/12 17:07, Ben Bucksch wrote: > The majority of discussions here on this list are policy discussions > that are not specifically about bugs that are still embargoed, but > either general "what should we do about this whole class of problems" or > about security bugs that are already in the wild and we need to react to > that. So, there is no inherent need to keep these discussions hidden. > > For those discussions which do need to stay hidden from public view, we > can keep this list. For all others, we could theoretically use > mozilla.dev.security, but there's way too much noise there, so nobody of > importance reads it. I tried posting there several times, and got > practically no relevant responses.
There hasn't been a post in mozilla.dev.security since October; what do you mean by "way too much noise"? If our security community is not, on the whole, members of our public security discussion forum, then that's a problem - but setting up another forum is not necessarily the solution to it. Perhaps people on s-g who are not members of m.d.s can say why they aren't? Didn't know about it? Was once a member but it seemed off-topic? Something else? > The point would be that there is a public track record of our decisions > and why we made them, but we avoid the noise. I don't think discussions happen here solely for lack of a suitable public forum. I think they happen here at least partly because, particularly on the topic of security, people want to express opinions and propose courses of action which will not end up on Slashdot the next day. Mozilla needs a space in between "public" and "security group" (or "employees"). We've needed one for a long time; this is just another manifestation of the issue. Hopefully the Mozillians directory could be the basis for creating such a space, once it supports "blessed tags". I've pinged aakash again about when we might expect to see such a feature. Gerv _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
