[rsbac] Forum

Jens Kasten igraltist at rsbac.org
Fri Apr 17 16:16:23 CEST 2009


Iam would help too, to take parts from moderations tasks.
So the minimum from moderators site would be fullfilled.
I hope the forum does grow on running time.


Am Freitag, den 17.04.2009, 09:58 -0400 schrieb Paul D. Robertson:
> Amon Ott wrote:
> > - The forum is hosted in a virtual server forum.rsbac.org. If Paul is still 
> > willing to set it up and maintain it technically, I would gladly accept this 
> > offer and support him at the server side. If we feel daring and find more 
> > people, we could make it more general and call it forum.kernelsecurity.org 
> > with general and RSBAC topics seperated (yes, we own that domain. :).
> > 
> I'd think that making it more general would be a good idea.  I generally 
> use SMF as I find it to be as good as the commercial forum packages.  It 
> needs MySQL and PHP- about the only thing you can't do from the admin 
> interface is back up user-submitted images (avatars if allowed and 
> images embedded in posts that are uploaded to the server.)  Are you 
> proposing hosting it?  I can host it, but all my hosting is on 
> Virtuozzo-based VPSes, so they're not RSBAC'd- I can set up a forum on 
> one over the weekend, or early next week- or if you wish to host, we can 
> coordinate that.
> I'd suggest the following main boards:
> General Trusted Computing Base
> SeLinux
> TrustedBSD/Darwin
> Other Trusted Operating Systems
> With appropriate sub-boards under that- perhaps News, 
> Configurations/Tips, and Assistance to start.
> I'm assuming AppArmor is dead and going too much further will just be 
> lots of emptiness, which isn't good, and starting up at LSM would bury 
> things too much- we can always rework the tree after getting enough 
> traction.
> As part of the administration, I'd do regular database backups, deal 
> with registration issues/problems, keep the software up to date, make 
> any structural changes, ban spammers, and provide any other general 
> forum admin tasks.
> > - Posting is only allowed after registration, read access is free. Condition 
> > for registration is that people accept the usual conditions, e.g. that we 
> > keep the right to delete inappropiate postings and that all content may be 
> > used in the official RSBAC documentation with a free license
> > 
> SMF supports this well, and the anti-spammer captcha is generally pretty 
> good spammers actually end up having to manually register- I think I had 
> about twelve incidents over a two-three year period, and once I'd banned 
> the offending user/email/IP a couple of times they gave up.  It also 
> supports things like limiting private messages for people who haven't 
> made many postings.
> > - At least two people volunteer to moderate the forum. This means that they 
> > keep a regular eye on all postings and block or remove inapropiate stuff and 
> > feel responsible for everything. These volunteers should be none of kang, 
> > michal and me, we are too busy developing.
> Depending on volume, I find it takes 5-10 minutes a day and I'd say that 
> two people would be great- the last forum I moderated (for a client- 
> commercial stuff) took only ~5m a day and users generally reported spam 
> the days I hadn't gotten to it yet.  I'd be happy to fill one of the 
> moderator slots.
> > - At least one volunteer tracks tipps and solutions in the forum and compiles 
> > them into official documentation at www.rsbac.org. Frequent questions go into 
> > a FAQ at www.rsbac.org. When the answer is officially in docs, the forum 
> > thread is finished with a link to it.
> This is very difficult- even with a commercial client with paid 
> employees, meeting this goal wasn't done.  My "solution" to this was to 
> have a read-only board that postings could be moved to once they were 
> considered dead if they were the kind of thing that was a tip/trick.
> > - If the forum does not work out, I would rather close it down than keep a 
> > dead forum. This includes inactive or missing moderators, because we are 
> > legally responsible for postings.
> Yep, it takes up to six months to get enough critical mass to make a 
> forum work- assuming it's not very active after about six months that's 
> where I'd probably put it out of its misery.  I'm not sure what it's 
> like in the EU, in the US my impression (I'm not a lawyer) is that 
> you're generally only responsible for content if you edit postings or 
> fail to remove someone else's intellectual property or contraband images 
> (reference is a case outcome known generally as "The Prodigy decision.")
> Paul

More information about the rsbac mailing list