This is a formal Request for Discussion (RFD) to remove moderated
newsgroup comp.security.announce.

RATIONALE:

According to Google's archive there has been only one message posted to
this group (on 28 July 2009) in the past three years.

This group has no charter or archived FAQ.  The latest "List of Big
Eight Newsgroups" (15 December 2010) states that this group is for
"Announcements from the CERT about security."  The latest two such
announcements were on 28 July 2009 and 29 December 2005.  There have
been numerous alerts about security vulnerabilities in 2010 posted on
the US-CERT Web site (see below), none of which have been posted to
comp.security.announce.

A newsgroup message sent to comp.security.announce on 24 November 2010
did not appear posted on that group.  A bounce was not possible because
the From address was munged.  Another message was sent on 28 November
2010 with a valid From address.  That message too did not appear posted
on the group.

CERT is an organization within Carnegie Mellon University.  E-mail to
<c...@cert.org> -- the contact address indicated on the CERT Web site --
asking if comp.security.announce is still being used resulted in a reply
from a Jeff Smith with a cert.org E-mail address.  Smith's reply was:
"David, we no longer post to newsgroups. Please check the US-CERT
website for alternative ways of being alerted."

US-CERT is an organization within the U.S. Department of Homeland
Security.  E-mail to <i...@us-cert.gov>, <s...@us-cert.gov>, and
<us-c...@us-cert.gov> -- addresses all indicated on the US-CERT Web site
-- asking if comp.security.announce is still being used have resulted in
no replies.  The last such message was sent 28 October 2010.

An E-mail message was sent to comp-security-annou...@moderators.isc.org
on 5 December 2010.  Neither a bounce nor a reply were received.

NEWSGROUPS LINE:

comp.security.announce  Announcements from the CERT about security.
(Moderated)

DISTRIBUTION:

news.announce.newgroups
news.groups.proposals
comp.security.announce
comp.security.misc

Folowup-To: news.groups.proposals

CHARTER OF COMP.SECURITY.ANNOUNCE

There is no charter archived at
<ftp://ftp.isc.org/pub/usenet/news.announce.newgroups/comp/> for
comp.security.announce.

HISTORY OF THE GROUP:

The earliest message posted to comp.security.announce found in Google's
archive is dated 6 May 2000.  For a number of years, messages about
computer security vulnerabilities were posted when such vulnerabilities
were discovered.  Later, such messages were posted only after the
vendors of the affected software or hardware released fixes.  US-CERT
now issues its messages via E-mail, RSS, and similar services to
subscribers.  Carnegie Mellon's CERT maintains a database, but I cannot
locate a subscription service.

PROPONENT:

David E. Ross <da...@rossde.com>

PROCEDURE:

Those who wish to comment on this request to remove this newsgroup
should subscribe to news.groups.proposals and participate in the
relevant threads in that newsgroup.  To this end, the followup header of
this RFD has been set to news.groups.proposals.

In the course of the removal process three formal announcements will be
posted (1st RFD, 2nd RFD, and LCC), each taking two weeks. At the end of
the process the B8MB will vote on the issue.

Available options for comp.security.announce are:
- leave the group as it is
- remove the group

For more information on the removal process, please see

http://www.big-8.org/wiki/Group_Removal_FAQ

CHANGE HISTORY:

2010-10-26      E-mail messages sent to CERT and US-CERT
2010-10-27      Reply received from CERT (group no longer used)
2010-10-28      Additional E-mail messages sent to US-CERT
2010-11-24      Newsgroup message sent to comp.security.announce (munged
reply address)
2010-11-28      Newsgroup message sent to comp.security.announce (valid reply
address)
2010-12-05      E-mail message sent to comp-security-annou...@moderators.isc.org

--
David E. Ross
<http://www.rossde.com/>

This is the last call for comments (LCC) on the formal Request for
Discussion (RFD) to remove moderated newsgroup comp.security.announce.

RATIONALE:

According to Google's archive there has been only one message posted to
this group (on 28 July 2009) in the past three years.

This group has no charter or archived FAQ.  The latest "List of Big
Eight Newsgroups" (15 December 2010) states that this group is for
"Announcements from the CERT about security."  The latest two such
announcements were on 28 July 2009 and 29 December 2005.  There have
been numerous alerts about security vulnerabilities in 2010 posted on
the US-CERT Web site (see below), none of which have been posted to
comp.security.announce.

A newsgroup message sent to comp.security.announce on 24 November 2010
did not appear posted on that group.  A bounce was not possible because
the From address was munged.  Another message was sent on 28 November
2010 with a valid From address.  That message too did not appear posted
on the group.

CERT is an organization within Carnegie Mellon University.  E-mail to
<c...@cert.org> -- the contact address indicated on the CERT Web site --
asking if comp.security.announce is still being used resulted in a reply
from a Jeff Smith with a cert.org E-mail address.  Smith's reply was:
"David, we no longer post to newsgroups. Please check the US-CERT
website for alternative ways of being alerted."

US-CERT is an organization within the U.S. Department of Homeland
Security.  E-mail to <i...@us-cert.gov>, <s...@us-cert.gov>, and
<us-c...@us-cert.gov> -- addresses all indicated on the US-CERT Web site
-- asking if comp.security.announce is still being used have resulted in
no replies.  The last such message was sent 28 October 2010.

An E-mail message was sent to comp-security-annou...@moderators.isc.org
on 5 December 2010.  Neither a bounce nor a reply were received.

No replies to the 1st or 2nd RFD were posted to news.groups.proposals.

NEWSGROUPS LINE:

comp.security.announce  Announcements from the CERT about security.
(Moderated)

DISTRIBUTION:

news.announce.newgroups
news.groups.proposals
comp.security.announce
comp.security.misc

Folowup-To: news.groups.proposals

CHARTER OF COMP.SECURITY.ANNOUNCE

There is no charter archived at
<ftp://ftp.isc.org/pub/usenet/news.announce.newgroups/comp/> for
comp.security.announce.

HISTORY OF THE GROUP:

The earliest message posted to comp.security.announce found in Google's
archive is dated 6 May 2000.  For a number of years, messages about
computer security vulnerabilities were posted when such vulnerabilities
were discovered.  Later, such messages were posted only after the
vendors of the affected software or hardware released fixes.  US-CERT
now issues its messages via E-mail, RSS, and similar services to
subscribers.  Carnegie Mellon's CERT maintains a database, but I cannot
locate a subscription service.

PROPONENT:

David E. Ross <da...@rossde.com>

PROCEDURE:

Those who wish to comment on this request to remove this newsgroup
should subscribe to news.groups.proposals and participate in the
relevant threads in that newsgroup.  To this end, the followup header of
this RFD has been set to news.groups.proposals.

In the course of the removal process three formal announcements will be
posted (1st RFD, 2nd RFD, and LCC), each taking two weeks. At the end of
the process the B8MB will vote on the issue.

Available options for comp.security.announce are:
- leave the group as it is
- remove the group

For more information on the removal process, please see

http://www.big-8.org/wiki/Group_Removal_FAQ

CHANGE HISTORY:

The Last Call for Comments (LCC) on 2011-02-01 initiated a five-day
period for final comments.  Following this comment period, the Big-8
Management Board has decided by consensus to remove moderated group
comp.security.announce.

RATIONALE:

According to Google's archive there has been only one message posted to
this group (on 28 July 2009) in the past three years.

This group has no charter or archived FAQ.  The latest "List of Big
Eight Newsgroups" (15 December 2010) states that this group is for
"Announcements from the CERT about security."  The latest two such
announcements were on 28 July 2009 and 29 December 2005.  There have
been numerous alerts about security vulnerabilities in 2010 posted on
the US-CERT Web site (see below), none of which have been posted to
comp.security.announce.

A newsgroup message sent to comp.security.announce on 24 November 2010
did not appear posted on that group.  A bounce was not possible because
the From address was munged.  Another message was sent on 28 November
2010 with a valid From address.  That message too did not appear posted
on the group.

CERT is an organization within Carnegie Mellon University.  E-mail to
<c...@cert.org> -- the contact address indicated on the CERT Web site --
asking if comp.security.announce is still being used resulted in a reply
from a Jeff Smith with a cert.org E-mail address.  Smith's reply was:
"David, we no longer post to newsgroups. Please check the US-CERT
website for alternative ways of being alerted."

US-CERT is an organization within the U.S. Department of Homeland
Security.  E-mail to <i...@us-cert.gov>, <s...@us-cert.gov>, and
<us-c...@us-cert.gov> -- addresses all indicated on the US-CERT Web site
-- asking if comp.security.announce is still being used have resulted in
no replies.  The last such message was sent 28 October 2010.

An E-mail message was sent to comp-security-annou...@moderators.isc.org
on 5 December 2010.  Neither a bounce nor a reply were received.

No replies to the 1st or 2nd RFD were posted to news.groups.proposals.

NEWSGROUPS LINE:

comp.security.announce  Announcements from the CERT about security.
(Moderated)

DISTRIBUTION:

news.announce.newgroups
news.groups.proposals
comp.security.announce
comp.security.misc

Folowup-To: news.groups.proposals

CHARTER OF COMP.SECURITY.ANNOUNCE

There is no charter archived at
<ftp://ftp.isc.org/pub/usenet/news.announce.newgroups/comp/> for
comp.security.announce.

HISTORY OF THE GROUP:

The earliest message posted to comp.security.announce found in Google's
archive is dated 6 May 2000.  For a number of years, messages about
computer security vulnerabilities were posted when such vulnerabilities
were discovered.  Later, such messages were posted only after the
vendors of the affected software or hardware released fixes.  US-CERT
now issues its messages via E-mail, RSS, and similar services to
subscribers.  Carnegie Mellon's CERT maintains a database, but I cannot
locate a subscription service.

PROPONENT:

David E. Ross <da...@rossde.com>

CHANGE HISTORY:

2010-10-26      E-mail messages sent to CERT and US-CERT
2010-10-27      Reply received from CERT (group no longer used)
2010-10-28      Additional E-mail messages sent to US-CERT
2010-11-24      Newsgroup message sent to comp.security.announce (munged reply address)
2010-11-28      Newsgroup message sent to comp.security.announce (valid reply address)
2010-12-05      E-mail message sent to comp-security-annou...@moderators.isc.org
2011-01-02      1st RFD
2011-01-17      2nd RFD
2011-02-01      LCC
2011-02-08      RESULT