I've noticed a trend - each time there is a critical security issue in an application or software there is usually a post referencing it / warning people of it and they typically lead to useful discussions on what makes it vulnerable, how to fix it, and so forth.

A good example of this behavior is over the most recent FreeBSD escalation exploit which was a 0day release - meaning it's pretty critical. The thread is here (http://www.webhostingtalk.com/showthread.php?t=908639) - Pat_H did the deed of disecting the patching procedure / making people aware .. and this is what sparked the idea for this thread.

Would it be useful to have a sub forum for official security issues - simply a forum for confirmed security issues can be posted / discussed? The only reason I think abstracting the forum a bit more would be useful is simply because the amount of posts that get posted tend to drown out important threads such as these (my opinion, of course).

Does anyone else think this may be useful for the boards? It would be essentially another way for people on the boards to become aware of these issues / how to fix them / have general discourse.

Then again it could be an awful idea, though I figured it couldn't hurt mentioning it :).

I don't think anyone really depends on WHT for critical security information about their environment -- most distros have a security announcement mailing list that users may subscribe to to get detailed information.

I also doubt that the new forum would have a high enough volume of posts to justify it being its own entity.

I don't think anyone really depends on WHT for critical security information about their environment -- most distros have a security announcement mailing list that users may subscribe to to get detailed information.


I concur, I was more of aiming as an additional resource, and more importantly discussions on the topics (dissecting / fixes / more down-to-earth discussions) as mailing lists tend to be a bit more "advanced" and full of assumptions regarding the knowledge of the reader(s).


I also doubt that the new forum would have a high enough volume of posts to justify it being its own entity.

Unfortunately I share this same concern - but I figured a quick little thread couldn't hurt :).

I think this is a good Idea :)

If the purpose is to have a forum to hold in-depth discussions on critical security issues, I think the current forum is a good medium for that. I'm not sure what how a separate forum category would foster deeper discussion. I do think that appending [[CRITICAL]] or something similar to the thread title (as in your example) would be a far better way of drawing attention. Otherwise we're relying on members taking the time to look in a different forum when the natural order would likely to look in the current forum.

Them's just my thoughts at this time. But as everyone knows, they're subject to change. :wht:

If the purpose is to have a forum to hold in-depth discussions on critical security issues, I think the current forum is a good medium for that. I'm not sure what how a separate forum category would foster deeper discussion. I do think that appending [[CRITICAL]] or something similar to the thread title (as in your example) would be a far better way of drawing attention. Otherwise we're relying on members taking the time to look in a different forum when the natural order would likely to look in the current forum.

Them's just my thoughts at this time. But as everyone knows, they're subject to change. :wht:


I don't think the [[critical]] thing is that great of an idea because they will get pushed down on the page onto other pages pretty quickly (usually within a day)

this is a good example of a thread that could be in the subforum.

http://www.webhostingtalk.com/showthread.php?t=908639

lots of valuable info there regarding patching that was not in the generic instructions.

I don't think the [[critical]] thing is that great of an idea because they will get pushed down on the page onto other pages pretty quickly (usually within a day)

this is a good example of a thread that could be in the subforum.

http://www.webhostingtalk.com/showthread.php?t=908639

lots of valuable info there regarding patching that was not in the generic instructions.

You hit the nail on the head exactly - this thread along with a few others made me even think of this idea. Unfortunately topics such as how to mitigate DDoS, how to configure Apache, PHP, etc are the threads that tend to stay on top - which is more than fine as it's useful for people - though I feel as a result topics such as the one mentioned get bumped to oblivion very quickly and most people don't see it.

I'm still suck on the "how many threads will really belong there" dilemma :-\

Personally I think it'd be a neat idea as long as it doesn't degenerate into clueless noobs posting every advisory under the sun, just to inflate their post count.

I don't see any point in posting advisories to WHT unless there's discussion attached... but if there were more threads like Pat's I think everyone would win.