Subject: Re: rfc2228 in ftpd
To: Marc Espie <>
From: Jason R Thorpe <>
List: tech-security
Date: 07/02/2002 16:39:58
[ CC'd to because it provides a lot of reasoning
  behind the current policy that noise is being made about.  Since I was
  one of the main people behind said policy and its implementation, I feel
  it appropriate for me to explain why. --thorpej ]

On Tue, Jul 02, 2002 at 06:37:49PM +0200, Marc Espie wrote:

 > Yep, it's funny... but it's also quite serious.  `Censoring' the
 > domain and not censoring other domains is a bit... weird.

Actually, lemme follow-up on this.

We do moderate posts from other domains.  We have quite a list of them.
They're pretty much spam-source domains, for the most part.  We also moderate
message which contain some common "profanity" words -- not necessarily
because we personally find those words offensive, but because the chances
of such a posting being both on-topic and construcive is fairly low (educated,
professional people don't generally use such language during intelligent

One of the reasons that *I* would say "no" to your demand of blanket
moderation for is because it appears as if is not
your personal domain, but rather that of a network provider or company.
That being the case, if you were abusing mailing lists that I controlled,
I would probably moderate only your address and then contact the postmaster
of that domain.  If I received a beligerent response from the postmaster,
then I would certainly consider moderating the entire domain.

It's not an arbitrary decision -- there is some reasoning and fairness
behind it.

I'm the person who added and to the moderation
list .. I did it quite a number of years ago (1996, I joined NetBSD Core
in December 1995, and some of this also transpired in 1997, but my memory
is fuzzy there), and I suppose I ought to explain why.

The reason that is in the moderation list is because it is
essentially Mr. de Raadt's personal domain.  He can, therefore, post from
any address within that domain.  At the time was added to the
moderation list, OpenBSD consisted of basically one person: Mr. de Raadt.
That is to say, was essentially equivalent to  That
may or may not be the case now.  I am speaking of when the original decision
was made.

If someone were being abusive from addresses, and it was brought
to the attention of the NetBSD Project administration, the NetBSD Project
administration would take steps to stop that person from using his/her address for that purpose.  If that person did not stop doing so,
their account would be deleted, and they would be removed from
the NetBSD Project (all NetBSD developers sign an agreement stating that
they will behave in an appropriate manner as representatives of the NetBSD

There is absolutely no reason to think that the OpenBSD project would do
something similar in response to a complaint against Mr. de Raadt (for
obvious reasons).

Like I said before, I am not in the position of making or implementing NetBSD
administrative policy (I relinquished those positions quite some time ago),
so I don't know what the current administration's position is on this matter,
you'll have to ask them. is their address.

I do know that the idea of "whitelisting" people who both play nice and
post from the domain has been floated around (i.e. "ah, this
person acts reasonably, the moderation policy for that is list "all posts
approved"), but, again, I don't know what the current status is.

 > I sincerely hope this whole nonsense stops soon...

I sincerely wish that Mr. de Raadt would act like a professional when
making posts to the NetBSD Project mailing lists so that his postings
didn't have to be moderated.

Let me make one thing clear: NetBSD lists are provided as a service
by the NetBSD Project to the NetBSD community.  They are for no one else's
benefit.  Mr. dr Raadt's use of the NetBSD Project's mailing lists have,
from my perspective, at least, for a very long time, had nothing to do
with benefiting the NetBSD community, and everything to do with exacting
some sort of "revenge" for having been told to leave the NetBSD Project
all those years ago.  I see no indication that Mr. de Raadt intends to
change in this regard.

If they were your mailing lists being used to insult and abuse you, would
you moderate them?

If someone on the GCC mailing lists started spreading FUD, half-truths,
less-than-half-truths, and hurling insults at GCC developers, don't you
think the GCC project administration would put a stop to it?

I have no problem with cooperating with many developers in the OpenBSD
Project (including you, and I can think of many others with which I have
had calm, productive, and even friendly conversations with, and whom I
genuinely like as people -- I've met a number of them in person over the
years, and I would hope they would say the same about me).  However, I
have had to put up with Mr. de Raadt's abuse in NetBSD forums for a very
long time, and, quite frankly, am VERY tired of doing so.

I have no doubt that Mr. de Raadt can be a nice guy (and I've even
witnessed this first-hand on several occasions).  But in the context
of the NetBSD Project's mailing lists, history speaks for itself.

He was given several "second chances".  Eventually, one comes to the
conclusion that a person simply cannot be dealt with in any rational
way.  So you take measures to ensure that you don't *have* to deal with

How does that old saying go again?  Screw me once, shame on you.  Screw
me twice, shame on me.

 > > 	No, and if you don't like it, don't post to the NetBSD lists.
 > And then my response would be:
 > 	Okay, I'll make sure everyone I know understands why I stopped
 > 	posting, including slashdot, daemonnews, and the FSF projects...
 > This kind of thing can get ugly very, very fast...

...and my final comment is: If you're going to make threats, then threaten
the people who make/implement NetBSD Project policy.  If you do it often
enough, you might get your wish of being added to the moderation list.

        -- Jason R. Thorpe <>