Xref: utzoo news.groups:5902 news.sysadmin:1114
Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!umich!itivax!scs
From: scs@itivax.UUCP (Steve C. Simmons)
Newsgroups: news.groups,news.sysadmin
Subject: Re: Proposal for comp.security/alt.security
Summary: It's just not that hard!
Message-ID: <346@itivax.UUCP>
Date: 31 Oct 88 03:12:12 GMT
References: <2347@isis.UUCP> <22460@tis.llnl.gov> <1147@unisec.usi.com> <329@sulaco.UUCP>
Reply-To: scs@itivax.UUCP (Steve C. Simmons)
Organization: Industrial Technology Institute
Lines: 27


A number of folks have been p*ssing and moaning about how restrictive
the security mailing list is.  Leave aside for the moment arguements
whether or not the list membership should be closely controlled.  It's
not all *that* hard to get on -- or at least, it wasn't when aburt was
being active.  All you had to do was log in as root and send mail to
aburt asking to get on.  He then wrote to all the roots in the mail
chain, asking if the next step in the chain was legit.  As best I recall
it took three hops to get him satisfied.

Size of system had nothing to do with it.  At the time I was (and will
be) getting on a 3b1 that's only got me in the passwd file.

On an unrelated topic: I spoke freely about security issues *affecting
my own system* precisily because I trusted aburts vetting the list.  If
it were wide open, I'd've been much more circumspect.  This is not to say
that we shouldn't have an open discussion; we should.  But the things
I say in a trusted group would be far different from those I say in
an open forum.

Keep the security list as it is.  But let's seriously talk about a
comp.security, or maybe comp.unix.security.

-- 
Steve Simmons		...!umix!itivax!scs
Industrial Technology Institute, Ann Arbor, MI.
"You can't get here from here."