On Tue, Sep 1, 2020 at 1:01 PM Christopher Schultz < ch...@christopherschultz.net> wrote:
> All,
>
> I'd like to propose that we publish a security.txt[1] file on our web
> site under /.well-known/security.txt and /security.txt
>
> This file contains information we all already know, but it's in
> obviously "proprietary" locations on our web site and might not easily
> be found by someone who maybe doesn't speak English, etc.
>
> Here's my proposed content:
>
> Contact: secur...@tomcat.apache.org
> Contact: https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_with_Apache_Tomcat
> Acknowledgments: https://tomcat.apache.org/security.html
> Preferred-Languages: en
> Canonical: https://tomcat.apache.org/.well-known/security.txt
> Hiring: https://tomcat.apache.org/getinvolved.html
>
> If there are no objections, I'll add it to the site repo, soon.

+1 :D

> What's the best way to make sure that the same file ends up in
> /.well-known/security.txt and /security.txt? Can git link them
> together or something like that?

I'd guess a rewrite rule like Mark suggested.

> -chris
>
> [1] https://securitytxt.org/
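
A lint for a file shaped like the proposal above, checked against RFC 9116 (the later standardised form of the format at securitytxt.org), which requires `Contact` values to be URIs and requires an `Expires` field. This is an added example, not part of the original thread or the Tomcat site; the function name, the example.org addresses and the sample text are constructed.

```python
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed sample modelled on the proposal; example.org is a placeholder.
SAMPLE = """\
Contact: security@example.org
Contact: https://example.org/security.html#reporting
Acknowledgments: https://example.org/security.html
Preferred-Languages: en
Canonical: https://example.org/.well-known/security.txt
Hiring: https://example.org/getinvolved.html
"""

URI_FIELDS = {"contact", "acknowledgments", "canonical", "encryption", "hiring", "policy"}

def lint_security_txt(text, now=None):
    """Return findings for a security.txt body, checked against RFC 9116."""
    now = now or datetime.now(timezone.utc)
    findings, fields = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        name, sep, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()  # names are case-insensitive
        if not sep or not value:
            findings.append(f"line {n}: not a 'Name: value' field")
            continue
        fields.setdefault(name, []).append(value)
        if name in URI_FIELDS:
            scheme = urlparse(value).scheme
            if not scheme:  # e.g. a bare e-mail address without mailto:
                findings.append(f"line {n}: {name} is not a URI")
            elif scheme == "http":
                findings.append(f"line {n}: {name} must use https")
    for name in ("expires", "preferred-languages"):
        if len(fields.get(name, [])) > 1:
            findings.append(f"{name} appears more than once")
    if "contact" not in fields:
        findings.append("missing required Contact")
    if "expires" not in fields:
        findings.append("missing required Expires")
    else:
        try:
            stamp = fields["expires"][0].replace("Z", "+00:00")
            if datetime.fromisoformat(stamp) <= now:
                findings.append("Expires is in the past")
        except (ValueError, TypeError):  # unparsable, or no UTC offset given
            findings.append("Expires is not an RFC 3339 date-time with offset")
    return findings
```

Running the same function over the body fetched from both `/.well-known/security.txt` and `/security.txt` also confirms that the two paths serve identical, valid content.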