I agree this is a discussion worth having. I think the policy should be more objective to give us a clear policy to abide by and enforce.
Suggestions for policy: 1)No tool announcements. Best rational I can think of for this one: Tool announcments should go to the specific group they are for. Pentest, webappsec, etc are all better places for announcements. 2)Only announcements for OSI approved projects. Webappsec has this policy I think, and it rewards people who share the most openly. 3)Announcements for only no-cost projects. Similar to the above 4)Announcements for initial and major feature releases only, with a limit of 1 announcement per x months(3,6,12- whatever we deem reasonable as an upper bound. I think one of the lists has this policy, and it seems the most reasonable one to me. Steve Pete Smith wrote: > John, > > The following line is within the list charter: Alterations will be made > after consultation with list members and a consensus has been reached. > > I would like to suggest that advertising for products and tools (free or > otherwise) be limited to just an initial announcement to tell people > about the tool. > Sending updates for every single minor update made is just useless spam > for the majority of people seeing it, the people who are interested in a > product beyond the initial announcement can and will keep upto date on > changes themselves. > > http://lists.grok.org.uk/full-disclosure-charter.html > > Cheers, > Pete > -- | Steven Pinkham, Security Consultant | | http://www.mavensecurity.com | | GPG public key ID CD31CAFB | _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
