Administrivia #35431 - Disclosure discussion continues...

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 11/06/01

Message-ID:  <>
Date:         Tue, 6 Nov 2001 10:46:08 -0500
From: Russ <Russ.Cooper@RC.ON.CA>
Subject:      Administrivia #35431 - Disclosure discussion continues...

Administrivia messages are sent to you to inform you about list
administration issues. They're not meant to be "on-topic". The number of the
Administrivia message is the current number of subscribers.

Two things in this issue;

1. Disclosure discussion continues on NTSecurity.
2. Proposal to change the format of NTBugtraq messages.

1. Disclosure discussion continues on NTSecurity.

As some of you may remember, I've always had this other list, sitting on the sidelines. Its been fired
up several times over the past few years to act as a hosting environment for
some discussion or another.

I decided to use it to allow the discussions about Information Anarchy,
Responsible Disclosure, etc... to continue for those interested.

All of the messages that went through to NTBugtraq are now also in the
NTSecurity archive, and today I am putting through ~100 additional messages
on the subject that have been received but were not put through.

I have, however, modified the way that list will work. Rather than having it
as a mailing list, it will simply be a receptacle. The only way to view the
messages sent there will be through the on-line web archives. I realize that
a few of you won't be able to see those, but the vast majority will. It
means you won't get your inboxes flooded with messages when a spurt occurs,
and you can view them from almost anywhere when you have the time.

You'll notice, when you view the site
( that all of the recent messages
are from me. At the top of each I indicate who sent the message (if the
author doesn't state they want the message anonymous). I'll be doing a bit
of editing, cleaning up messages so they present well, modifying swear words
so they aren't, removing extraneous bits like previous messages, and the
like. I will not alter what someone says, but, for example, I might
inadvertently muck up a PGP signature (so don't bother PGP signing your


To post to NTSecurity, send a message to

To view the messages at NTSecurity, see

We lost a mere 50 subscribers since Friday, probably due to the message
volume. I expected to lose a lot more, so I take it the conversation was
either filtered, or found interesting, by most of the subscribers. I'll use
the NTSecurity list from now on for topics such as this, so don't expect
such a flurry again. If a new discussion crops up, or some important message
gets sent to NTSecurity, I'll drop an Administrivia to NTBugtraq just to
keep people aware.

Thanks for your tolerance of the spate of messages over the weekend, I know
many of you found it very frustrating. Thanks also to the many subscribers
who dropped me a note thanking me for putting it through, I agree with you,
its an important issue that needs airing, and solutions.

2. Proposal to change the format of NTBugtraq messages.

Many posters continue to complain about the number of Out of Office messages
they receive when they post. This, despite the fact that email programs
should be adhering to the RFCs and responding only to the list address
(based on the format of the headers on NTBugtraq messages).

I will shortly begin sending all messages to NTBugtraq myself, rather than
having the original poster's address appear in the message headers at all.

It means that PGP signatures will break, and responses will all be sent to
the list unless you take actions to ensure your response goes to the sender.
Every message will be prefaced with a note indicating who sent the message
(assuming they haven't asked it to be sent anonymously), so you'll know what
address to send private responses to.

I'm doing this (and it means more work for me, btw) to make life easier for
posters. Since, after all, it's the posters that make NTBugtraq worth
anything, I hope that people who don't usually post will understand and
appreciate it. If you're a poster, and believe this approach is wrong, then
please drop me a note and let me hear your opinion.

Otherwise, this new procedure will go into effect on November 12th, 2001.

I return you now to your regularly scheduled NTBugtraq list.

Russ - NTBugtraq Editor