I suspect that some of the confusion and disgruntlement that has arisen
over our (bad) handling of recent events is embodied in the above remark.
ProgSoc isn't about the exec "throwing tidbits" to the membership, or in
fact throwing anything to the membership.
It is about members learning, possibly from each other.
The exec's attempt to behave as responsible net.citizens has been
misconstrued as some sort of attempt to supress access to knowledge
by the membership. Nothing could be further from the truth. One
of the proponents of this supression myth actually used as one of
his arguments the fact that the information that we were chosing
not to disseminate was already publically available.
I missed this at the time, but it seems a little silly to claim that
the exec is trying to stop people from learning by not delivering
publically available information!
(But yes, there is a difference. CERT has become expert at describing
security exposures without giving away the means to exploit them. We
are not. Consequently, I believe, and so does the current exec, that
it is not appropriate that the exec be a vehicle for publishing this
particular type of information. The information is already publically
available, and leaving publication to the experts means one less area
for the exec to make damaging mistakes.)
The point of all of this: have some initiative, don't assume that exec
is responsible for educating you. Certainly it has an obligation to
explain why it did something, but security related material is very
sensitive - get it from the experts.
(Raz steps off soap-box.)
- Raz email@example.com
"It often upsets a man's God fantasies to have (Misquoted? from )
someone shoot down one of his helicopters." (Ben Elton's "Stark" )