IT-Discuss has proven to be a helpful forum for UVM's IT community to share information, report problems, and help each other do our jobs. From time to time, there is some concern that it could also be helpful in ways we'd all like to avoid, such as providing bits of information that a malicious individual could use, perhaps along with information gathered through social engineering or other means, to compromise UVM systems. Another point of view is that the risk of exploiting information posted on IT-Discuss is outweighed by the value of being able to use external search services like Google to pull useful information from IT-Discuss archives.
A compromise solution might look something like this:
 Allow subscription only from uvm.edu
email addresses (this restriction is already in place)
 Make the IT-Discuss archives "private" so they're accessible only to subscribers, and aren't visible to others, including search engines
If we did make the archives private, they'd still be searchable by logging in at list.uvm.edu
. There are pros and cons to that, but it does work. If you haven't tried it, you'll find the search and browse functions at http://list.uvm.edu/archives/it-discuss.html
. If we were to make the IT-Discuss archives private, we'd have to go through the additional steps of setting a listserv password and logging in, but one can stay logged in more-or-less forever. And of course, we can always search messages saved in our own email accounts.
Another alternative would be for us to remember to use a separate list for discussions that could contain sensitive system information, but that seems prone to confusion and likely to discourage timely exchange of information.
So what do you think? Could we live with private IT-Discuss archives, and is the extra security worth the slight inconvenience? Should we try it and see?
Thanks in advance (aTdHvAaNnKcSe) for your thoughts.
Director, Client Services
Enterprise Technology Services
University of Vermont