REQUEST FOR DISCUSSION (RFD)
moderated group comp.security.announce
This is a formal Request for Discussion (RFD) to remove moderated
According to Google's archive there has been only one message posted to
this group (on 28 July 2009) in the past three years.
This group has no charter or archived FAQ. The latest "List of Big
Eight Newsgroups" (15 December 2010) states that this group is for
"Announcements from the CERT about security." The latest two such
announcements were on 28 July 2009 and 29 December 2005. There have
been numerous alerts about security vulnerabilities in 2010 posted on
the US-CERT Web site (see below), none of which have been posted to
A newsgroup message sent to comp.security.announce on 24 November 2010
did not appear posted on that group. A bounce was not possible because
the From address was munged. Another message was sent on 28 November
2010 with a valid From address. That message too did not appear posted
on the group.
CERT is an organization within Carnegie Mellon University. E-mail to
<email@example.com> -- the contact address indicated on the CERT Web site --
asking if comp.security.announce is still being used resulted in a reply
from a Jeff Smith with a cert.org E-mail address. Smith's reply was:
"David, we no longer post to newsgroups. Please check the US-CERT
website for alternative ways of being alerted."
US-CERT is an organization within the U.S. Department of Homeland
Security. E-mail to <firstname.lastname@example.org>, <email@example.com>, and
<firstname.lastname@example.org> -- addresses all indicated on the US-CERT Web site
-- asking if comp.security.announce is still being used have resulted in
no replies. The last such message was sent 28 October 2010.
An E-mail message was sent to email@example.com
on 5 December 2010. Neither a bounce nor a reply were received.
No replies to the 1st RFD were posted to news.groups.proposals.
comp.security.announce Announcements from the CERT about security.
CHARTER OF COMP.SECURITY.ANNOUNCE
There is no charter archived at
HISTORY OF THE GROUP:
The earliest message posted to comp.security.announce found in Google's
archive is dated 6 May 2000. For a number of years, messages about
computer security vulnerabilities were posted when such vulnerabilities
were discovered. Later, such messages were posted only after the
vendors of the affected software or hardware released fixes. US-CERT
now issues its messages via E-mail, RSS, and similar services to
subscribers. Carnegie Mellon's CERT maintains a database, but I cannot
locate a subscription service.
David E. Ross <firstname.lastname@example.org>
Those who wish to comment on this request to remove this newsgroup
should subscribe to news.groups.proposals and participate in the
relevant threads in that newsgroup. To this end, the followup header of
this RFD has been set to news.groups.proposals.
In the course of the removal process three formal announcements will be
posted (1st RFD, 2nd RFD, and LCC), each taking two weeks. At the end of
the process the B8MB will vote on the issue.
Available options for comp.security.announce are:
- leave the group as it is
- remove the group
For more information on the removal process, please see http://www.big-8.org/wiki/Group_Removal_FAQ
2010-10-26 E-mail messages sent to CERT and US-CERT
2010-10-27 Reply received from CERT (group no longer used)
2010-10-28 Additional E-mail messages sent to US-CERT
2010-11-24 Newsgroup message sent to comp.security.announce (munged
2010-11-28 Newsgroup message sent to comp.security.announce (valid reply
2010-12-05 E-mail message sent to email@example.com
2011-01-02 1st RFD
2011-01-17 2nd RFD
David E. Ross
Anything I post in this newsgroup is my personal
opinion and does not reflect the official position
of the Big8-Usenet Board.