Oh missed the publication! Then +1 to link to ASF security page.

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog <https://rmannibucau.metawerx.net/> | Old Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book <https://www.packtpub.com/application-development/java-ee-8-high-performance>

On Sun, 20 Nov 2022 at 19:38, Benjamin Marwell <[email protected]> wrote:

> It is not a draft:
> https://datatracker.ietf.org/doc/html/rfc9116
>
> Source:
> https://securitytxt.org
>
> Yes, I know apache.org has their own page, and I would not add any
> contradicting information. In fact, there's a policy field taking a
> URL which should point to the apache.org policy
> (https://www.apache.org/security/#reporting-a-vulnerability).
>
> -Ben
>
> On Sun, 20 Nov 2022 at 19:32, Romain Manni-Bucau
> <[email protected]> wrote:
> >
> > Hi,
> >
> > AFAIK it is still a draft which cannot go anywhere (or go elsewhere like
> > .security/ for some exposure reason since .well-known already has adoption
> > and rules) and I didn't see it much adopted yet. However at apache we have
> > kind of standards for that so isn't it too early to adopt it?
> >
> > Romain Manni-Bucau
> >
> > On Sun, 20 Nov 2022 at 18:48, Benjamin Marwell <[email protected]> wrote:
> >
> > > Hi!
> > >
> > > Due to the recent GH activities (e.g. [1]), it came to my attention that
> > > there is no file ".well-known/security.txt" on maven.apache.org.
> > >
> > > We really should adopt it!
> > > For some more information, please refer to [2].
> > >
> > > WDYT?
> > >
> > > - Ben
> > >
> > > [1]: https://github.com/apache/maven-project-utils/pull/5
> > > [2]: https://developer.okta.com/blog/2021/10/19/intro-security-txt
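
Added example, not part of any message in this thread and not a file published by Apache or Maven: a small checker for the core field rules of RFC 9116, run over a constructed security.txt whose Policy field points at the apache.org page quoted above. The Contact address is a placeholder, the Canonical URL is assumed from the host and path named in the thread, and the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample: Contact is a placeholder and Canonical is assumed from the
# host and path named in the thread; only the Policy URL is quoted from it.
SAMPLE = """\
Contact: mailto:security@example.org
Expires: 2023-11-20T00:00:00Z
Policy: https://www.apache.org/security/#reporting-a-vulnerability
Canonical: https://maven.apache.org/.well-known/security.txt
Preferred-Languages: en
"""

URI_FIELDS = {"acknowledgments", "canonical", "contact", "encryption", "hiring", "policy"}
REQUIRED = ("contact", "expires")
AT_MOST_ONCE = ("expires", "preferred-languages")


def parse(text):
    """Return (name, value) pairs; names are case-insensitive, '#' lines are comments."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            name, value = line.split(":", 1)
            fields.append((name.strip().lower(), value.strip()))
    return fields


def check(text, now):
    """Return RFC 9116 problems found in text; `now` is a timezone-aware datetime."""
    fields = parse(text)
    names = [name for name, _ in fields]
    problems = [f"missing required field: {n}" for n in REQUIRED if n not in names]
    problems += [f"field repeated: {n}" for n in AT_MOST_ONCE if names.count(n) > 1]
    for name, value in fields:
        if name in URI_FIELDS and value.lower().startswith("http://"):
            problems.append(f"{name}: web URIs must use https://")
        if name == "expires":
            try:
                expires = datetime.fromisoformat(value.replace("Z", "+00:00"))
            except ValueError:
                expires = None
            if expires is None or expires.tzinfo is None:
                problems.append("expires: not a date-time with a UTC offset")
            elif expires <= now:
                problems.append("expires: date is in the past")
    return problems


if __name__ == "__main__":
    print(check(SAMPLE, datetime.now(timezone.utc)))
```

A stale Expires value is the failure most likely to appear after adoption, so a check like this fits a site build or a scheduled job.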
