On Thu, Jul 10, 2014 at 7:51 AM, Pablo <paa.listas@xxxxxxxxx
<mailto:paa.listas@xxxxxxxxx>> wrote:
[Would] it be better to include the Advisory Details/exploit/code
in the body of the email to FD, and not in a link to a
blog/site/company so the list archive will be an archive and not a
index to some, possible down, link?
Yes, it is absolutely better to include full details in the body of
the message rather than just a link. I haven't been rejecting the
link-only messages (as long as there is at least a brief summary), but
they are annoying. Not only are they a pain to read (need to open a
browser and/or follow a link), but they screw up the archives. Right
now we're able to browse Bugtraq from more than 20 years ago, and it's
fascinating:
http://seclists.org/bugtraq/1993/Nov/index.html
But if those messages were just links to other sites, how many would
still work? Hardly any.
Now it's perfectly fine to ALSO include a link to the advisory on a
web site. Just include full details in the body of the post too. The
main exception is binary attachments. If an attachment is more than
500K or a megabyte, just link it that attachment (in the descriptive
text body of your post) to avoid clogging up people's mail spools.
Also, if you're posting someone else's work (like a news story or 3rd
party blog or whatever), there may be copyright issues with just
pasting the whole thing into your message. Still, try to include at
least the first few paragraphs or a summary so we know what it is.
Thanks,
Fyodor