The Full Disclosure mailing list is back on track, with Nmap’s Gordon “Fyodor” Lyon picking up the mantle put down by John Cartwright.
“Upon hearing the bad news, I immediately wrote to John offering help. He said he was through with the list, but suggested: ‘You don’t need me. If you want to start a replacement, go for it,'” he explained how the transition happened.
And, after some soul searching, he did.
“Some have argued that we no longer need a Full Disclosure list, or even that mailing lists as a concept are obsolete. They say researchers should just Tweet out links to advisories that can be hosted on Pastebin or company sites. I disagree,” he noted in the post announcing his “takeover”. “Mailing lists create a much more permanent record and their decentralized nature makes them harder to censor or quietly alter in the future.”
“I’m already quite familiar with handling legal threats and removal demands (usually by ignoring them) since I run Seclists.org, which has long been the most popular archive for Full Disclosure and many other great security lists. I already maintain mail servers and Mailman software because I run various other large lists including Nmap Dev and Nmap Announce,” he explained.
Previous members of the mailing list are asked to subscribe again, and new are welcome, as the list starts afresh.
“The new list must be run by and for the security community in a vendor-neutral fashion. It will be lightly moderated like the old list, and a volunteer moderation team will be chosen from the active users. As before, this will be a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community.” Fyodor clarified.
He also added that vendor legal intimidation and censorship attempts won’t be tolerated.