disclosure list announcement

Pete Hartman (pwh@bradley.bradley.edu)
Thu, 8 Dec 94 10:30:03 -0600

I only got 25 substantive responses (I threw out the one or two
that said things like "just get it off bugtraq" or "sign me up"
without acknowledging that I was only doing a survey, though
I did respond to those people looking for further info from them)

They break down mostly like this:

against full disclosure: 2
for partial disclosure: 2
timed/staged full disclosure: 7
100% disclosure, but no trivial exploits: 3
100% full disclosure, no time or exploit aspects mentioned: 3
	(one of these includes a request to add an exploder alias, so
	actually more than 3)
don't know, but in the middle somewhere: 1

interested without stating preference: 7

Two people wanted a digest; unfortunately, I'm trying to do this quickly
and easily, and don't really have the time to set up majordomo and
satisfy myself that it's in right when I can do an :include: list
in a much more straightforward way.  If someone else wants to set up
majordomo and run the list, by all means let me know.

I'm a little concerned that the responses were weighted so heavily towards
a particular point of view on the matter, but those who stated no
preference may have some impact on balancing that.  So I'm going to
go ahead and create the list.  I've signed up those who wrote me
and responded to the questions, so you don't have to re-send any
subscription requests; with the exception of the two people who wanted
a digest--I won't sign either of you up unless you write back and say
that it's ok without a digest.

Anyone else interested at this point can send mail to
disclosure-request@elmegil.bradley.edu to ask me to add you to the
list.  I'm still kind of interested in keeping statistics about the
points of view, so if you like, when you request to be added, go ahead
and mention your stance.  I'm handling this "by hand" but with filtering
software (procmail) that should make it pretty easy to manage.

Also note that I am going to be out of town from the 11th through the
16th.  Since I'm doing this by hand, any addresses received in that period
will *not* be added until I get back.  If you want to wait until after
then to subscribe, by all means, it'll save me some mailbox trouble.

One last thing:  I'd like to use Bob Manson's recent long message as
a jumping off point for discussion, but I haven't gotten any response
from him yet as to whether he'll allow me to resend that to the list
members.  If he does, I will resend it, otherwise, maybe those who
still have a copy or remember his comments could jump in from that
point without me resending it.

Hopefully this will be the last mention of the topic on bugtraq.