I've already cast my vote, but I think a simple yes/no is not sufficient for the real solution.
The real solution is to have a fully open full-disclosure mailing list, only for full-disclosure. People not disclosing vulnerabilities or bugs would be warned then banned on repeat offenses. To resolve the issue of ongoing correspondence regarding disclosures made on the full-disclosure list, there would be a full-disclosure-DISCUSSION list. That would be the 'noise' list, that would contain 99% of what is currently in full-disclosure. This post should go to the discussion list. Many of Morning Wood's posts would hopefully go to the discussion list, with the disclosures he's made going to the full-disclosure list. Would the addition of a discussion list, and the policy change for the full-disclosure list, really cramp anyone's freedom of speech or the value of the full-disclosure list? This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error, you are prohibited from using, divulging any of its contents, or forwarding this email. Please notify [EMAIL PROTECTED] and delete it from your system. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
