Re^5: Information sharing

On the site, that would equate to being approved for security information by others. I think that's not the kind of thing we'd want.

I agree.

I'm saying that if you do not know the intent, then it's your job to ask if you're going to be concerned about how it's used.

I agree.

Who will continue to answer questions related to security issues when they will be held responsible -- even if it's only by their peers and no legal body -- for the questioner's intent? If fewer people answer, where will that knowledge go?

Very good questions. I don't think we should feel responsible for knowing the asker's intent. I do think we should feel responsible for trying to find it out when it's in question and to use our best judgement in assessing what we learn. If perlmonks were the only or a major place people got knowledge on security I would be more inclined to support the "answer almost anyone almost any time" approach.

Comment on Re^5: Information sharing

Replies are listed 'Best First'.
Re^6: Information sharing by hv (Prior) on Jun 06, 2004 at 03:21 UTC
If perlmonks were the only or a major place people got knowledge on security I would be more inclined to support the "answer almost anyone almost any time" approach. Could you expand on that please? I read it as "because there are other places you can ask, it's OK to set the bar higher here". I don't understand the reasoning behind that - there are other places you can ask "why doesn't my CGI work" too. Hugo	[reply]
Re^7: Information sharing by jZed (Prior) on Jun 06, 2004 at 05:50 UTC
I'm not advocating we never discuss things like bulk-emailing or security here. I'm suggesting that some kinds of discussions of potentially harmful practices be caried out at more specialized sites rather than at a general purpose, broad-audience site like perlmonks. My reasoning is that this will not deter people who really need the information, there is a place they can get it, but that it might deter some of the script-kiddies - the people of any age who are looking for an easy something to cut and paste into their latest malware. Should we brand anyone who asks about security or bulk emailing a deviant and cast them out, no, I hope not. But I also don't think we should offer positive encouragement to people wanting to use the tools for anti-social ends and that we have a right to question intentions and to withohold answers if we have reason to doubt those intentions.	[reply]