On 01/09/2020 18:01, Christopher Schultz wrote:
> All,
> 
> I'd like to propose that we publish a security.txt[1] file on our web
> site under /.well-known/security.txt and /security.txt
> 
> This file contains information we all already know, but it's in
> obviously "proprietary" locations on our web site and might not easily
> be found by someone who maybe doesn't speak English, etc.
> 
> Here's my proposed content:
> 
> Contact: secur...@tomcat.apache.org
> Contact:
> https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_
> with_Apache_Tomcat
> Acknowledgments: https://tomcat.apache.org/security.html
> Preferred-Languages: en
> Canonical: https://tomcat.apache.org/.well-known/security.txt
> Hiring: https://tomcat.apache.org/getinvolved.html
> 
> If there are no objections, I'll add it to the site repo, soon.

+1

> What's the best way to make sure that the same file ends up in
> /.well-known/security.txt and /security.txt? Can git link them
> together or something like that?

The site is in svn.

A rewrite rule?

Mark

> 
> -chris
> 
> [1] https://securitytxt.org/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to