I wanted to contribute a printer banner in order to help you improve the GCF feed service.
It’s not especially private info in itself, but “G” may not yet have had access to every printer model in the world, so it might be a help for the commercial endeavor as well as for the GCF/GSE community. Of course the best would be to send a complete GPLd NASL, which may or may not come later anyway, I don’t know yet as far as I’m concerned for now.
I would like my work to be useful to GCF and not only to GSF, which is my personal preference because due to a strong universalist “Weltanschauung” I want my work to be useful for humanity as a whole and not just for specific parties, but wouldn’t mind all too much if “G” used it for it’s GSE only and doesn’t want to share, because I alsos don’t really like to put fetters on anybody about anything, being a proponent of absolute liberty for anybody, albeit with calling to universal love at the some time, and to generosity as well.
Also, I care about OpSec, e.g. not disclosing any info about networks I attend to or work in myself. So I don’t want to send an E-Mail to a “G” because that might connect my username and registration email to info about a model used in a network of the type I just mentioned.
But sending said banner wasn’t possible with the Forum platform in a private way. So this is what happened:
- I tried to identify if info about said manufacturer/model is in the SecInfo Database, but I could find any specifics.
- I tried a private Message to a “G” member at the post which made me want to help out, but after sending it, I received an error that the message was too long.
- I tried to locate the member’s profile and send a private message to him, but he had no public profile.
- Then I sent it to another member who has a private profile, it got sent, but I noticed that the message was cut, so he might have gotten the HTTP header but not the body of the banner of the specific model. So I asked him if he wants the rest and how to proceed. He may have the complete thing if it’s saved in their Forum DB, or in some log, or maybe not if the Forum SW cut it before saving the complete message.
- Then I gave up, because I didn’t find a private channel to contribute in the way I wanted in a reasonable amount of time.
- I said above, also prefer to work for all and not only for some, so the threshold to continue may have been lower than otherwise.
This “otherwise” implies another thing:
First, I consider anonymous help to a commercial entity a good thing, even if I prefer greenbone’s sharing to GCF of VTs to GSF right away, because I consider greenbones commercial clients important enough for all of our publicly used infrastructure that this alone drives contributions of mine even if they freely choose not or “not yet” to give results to which I contributed back to GCF.
I didn’t find out yet from the infos on the forum how the triage of “this goes into GCF or rather into GSF” and “when to push it from GSF to GCF” is done.
I do not really like to work if it’s useless for me or other people, although, of course, this is sometimes unavoidable, so I accept a certain uncertainty.
But since I also don’t know easily if info about a specific model is in your GSF (without GCF) databases, this somewhat lowers my threshold of contribution into an uncertain result. Is there a good way to find out, so that “The Community” might spare unneccessary contributions (for contributors and your side)? On the other hand, greenbone’s OpSec (linked to their clients’s OpSec) might mandate to keep that info as private as possible.
So maybe that’s a little stumbling point for free contributions you might think about a bit or, if that is already thought through more than I expose here, to give some information about your policies which could help The Community to better evaluate and position it’s efforts.