[rsbac] Forum

Paul D. Robertson proberts at patriot.net
Fri Apr 17 15:58:59 CEST 2009

Amon Ott wrote:

> - The forum is hosted in a virtual server forum.rsbac.org. If Paul is still 
> willing to set it up and maintain it technically, I would gladly accept this 
> offer and support him at the server side. If we feel daring and find more 
> people, we could make it more general and call it forum.kernelsecurity.org 
> with general and RSBAC topics seperated (yes, we own that domain. :).

I'd think that making it more general would be a good idea.  I generally 
use SMF as I find it to be as good as the commercial forum packages.  It 
needs MySQL and PHP- about the only thing you can't do from the admin 
interface is back up user-submitted images (avatars if allowed and 
images embedded in posts that are uploaded to the server.)  Are you 
proposing hosting it?  I can host it, but all my hosting is on 
Virtuozzo-based VPSes, so they're not RSBAC'd- I can set up a forum on 
one over the weekend, or early next week- or if you wish to host, we can 
coordinate that.

I'd suggest the following main boards:

General Trusted Computing Base
Other Trusted Operating Systems

With appropriate sub-boards under that- perhaps News, 
Configurations/Tips, and Assistance to start.

I'm assuming AppArmor is dead and going too much further will just be 
lots of emptiness, which isn't good, and starting up at LSM would bury 
things too much- we can always rework the tree after getting enough 

As part of the administration, I'd do regular database backups, deal 
with registration issues/problems, keep the software up to date, make 
any structural changes, ban spammers, and provide any other general 
forum admin tasks.

> - Posting is only allowed after registration, read access is free. Condition 
> for registration is that people accept the usual conditions, e.g. that we 
> keep the right to delete inappropiate postings and that all content may be 
> used in the official RSBAC documentation with a free license

SMF supports this well, and the anti-spammer captcha is generally pretty 
good spammers actually end up having to manually register- I think I had 
about twelve incidents over a two-three year period, and once I'd banned 
the offending user/email/IP a couple of times they gave up.  It also 
supports things like limiting private messages for people who haven't 
made many postings.

> - At least two people volunteer to moderate the forum. This means that they 
> keep a regular eye on all postings and block or remove inapropiate stuff and 
> feel responsible for everything. These volunteers should be none of kang, 
> michal and me, we are too busy developing.

Depending on volume, I find it takes 5-10 minutes a day and I'd say that 
two people would be great- the last forum I moderated (for a client- 
commercial stuff) took only ~5m a day and users generally reported spam 
the days I hadn't gotten to it yet.  I'd be happy to fill one of the 
moderator slots.

> - At least one volunteer tracks tipps and solutions in the forum and compiles 
> them into official documentation at www.rsbac.org. Frequent questions go into 
> a FAQ at www.rsbac.org. When the answer is officially in docs, the forum 
> thread is finished with a link to it.

This is very difficult- even with a commercial client with paid 
employees, meeting this goal wasn't done.  My "solution" to this was to 
have a read-only board that postings could be moved to once they were 
considered dead if they were the kind of thing that was a tip/trick.

> - If the forum does not work out, I would rather close it down than keep a 
> dead forum. This includes inactive or missing moderators, because we are 
> legally responsible for postings.

Yep, it takes up to six months to get enough critical mass to make a 
forum work- assuming it's not very active after about six months that's 
where I'd probably put it out of its misery.  I'm not sure what it's 
like in the EU, in the US my impression (I'm not a lawyer) is that 
you're generally only responsible for content if you edit postings or 
fail to remove someone else's intellectual property or contraband images 
(reference is a case outcome known generally as "The Prodigy decision.")

Paul D. Robertson "My statements in this message are personal opinions
proberts at patriot.net      which may have no basis whatsoever in fact."

More information about the rsbac mailing list