[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17645508#comment-17645508 ]

ASF GitHub Bot commented on MNGSITE-503:
----------------------------------------

bmarwell commented on code in PR #354:
URL: https://github.com/apache/maven-site/pull/354#discussion_r1044897609


##########
pom.xml:
##########
@@ -232,6 +232,32 @@
 -->
         </executions>
       </plugin>
+      <!--
+        used for timestamp of .well-known/security.txt file
+        Plugin-definition must be before resources-plugin to be
+        in the pre-site phase before 'copy-filtered-resources'.
+      -->
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>build-helper-maven-plugin</artifactId>
+        <version>3.3.0</version>
+        <executions>
+          <execution>
+            <id>create-security.txt-timestamp</id>
+            <phase>pre-site</phase>
+            <goals>
+              <goal>timestamp-property</goal>
+            </goals>
+            <configuration>
+              <name>maven.security.expires</name>
+              <locale>ROOT</locale>
+              <pattern>yyyy-MM-dd'T'HH:mm:ss'Z'</pattern>
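
Review bot: on the `<pattern>` line the `'Z'` is quoted, so it is written as a literal character and the resulting timestamp is only correct while the goal formats the time in UTC. The visible part of the hunk ends at the pattern and shows no `<timeZone>` element, so either set `<timeZone>UTC</timeZone>` explicitly next to the pattern, so the literal cannot drift from the actual zone, or replace the literal with the offset pattern `XXX` so the real offset is printed. The XML comment above the plugin explains the ordering constraint but not this dependency; one more line there would help the next editor. Since the property is named `maven.security.expires` and the Expires field of security.txt has to lie in the future, also check that the rest of the `<configuration>` adds an offset to the build time.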

Review Comment:
   Can do. But your answer doesn't make sense. I can change from literal `'Z'` 
to the TZ pattern `XXX`. But a literal XXX would not be a valid ISO-8601 time.  
Judging from other posts on GitHub, you didn't mean to include the single 
quotes and you do want the offset to be printed, so we don't lie about a few 
hours?
   
   Please note, currently we have a literal Z, not the pattern Z. Your answer 
would have made more sense without the quotes, which is why I ask.





> add .well-known/security.txt
> ----------------------------
>
>                 Key: MNGSITE-503
>                 URL: https://issues.apache.org/jira/browse/MNGSITE-503
>             Project: Maven Project Web Site
>          Issue Type: Improvement
>            Reporter: Benjamin Marwell
>            Assignee: Benjamin Marwell
>            Priority: Major
>              Labels: security
>
> As per consensus on the mailing list (+1 from [~rmannibucau] and me), we 
> should add a file `.well-known/security.txt`.
> I will prepare a PR.
> References:
>  * [.well-known/security.txt at maven.apache.org 
> (mail-archive.com)|https://www.mail-archive.com/dev@maven.apache.org/msg128366.html]
>  * [.well-known/security.txt at maven.apache.org-Apache Mail 
> Archives|https://lists.apache.org/thread/tvfg1lx9nd72c9t4t4s3zlx6l0tpnmwy]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
