[
https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17645415#comment-17645415
]
ASF GitHub Bot commented on MNGSITE-503:
----------------------------------------
bmarwell commented on code in PR #354:
URL: https://github.com/apache/maven-site/pull/354#discussion_r1044674863
##########
content/filtered-resources/.well-known/security.txt:
##########
@@ -0,0 +1,6 @@
+Contact: mailto:secur...@apache.org
+Contact: mailto:secur...@maven.apache.org
Review Comment:
Yes, you can repeat this according to RFCs.
The first address is the general a.o address which can be found on the
linked security policy website.
The second one SHOULD exist. It's an address (mailing list) which is created
for each PMC.
> add .well-known/security.txt
> ----------------------------
>
> Key: MNGSITE-503
> URL: https://issues.apache.org/jira/browse/MNGSITE-503
> Project: Maven Project Web Site
> Issue Type: Improvement
> Reporter: Benjamin Marwell
> Assignee: Benjamin Marwell
> Priority: Major
> Labels: security
>
> As per consensus on the mailing list (+1 from [~rmannibucau] and me), we
> should add a file `.well-known/security.txt`.
> I will prepare a PR.
> References:
> * [.well-known/security.txt at maven.apache.org
> (mail-archive.com)|https://www.mail-archive.com/dev@maven.apache.org/msg128366.html]
> * [.well-known/security.txt at maven.apache.org-Apache Mail
> Archives|https://lists.apache.org/thread/tvfg1lx9nd72c9t4t4s3zlx6l0tpnmwy]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
