On 01/09/2020 18:01, Christopher Schultz wrote: > All, > > I'd like to propose that we publish a security.txt[1] file on our web > site under /.well-known/security.txt and /security.txt > > This file contains information we all already know, but it's in > obviously "proprietary" locations on our web site and might not easily > be found by someone who maybe doesn't speak English, etc. > > Here's my proposed content: > > Contact: secur...@tomcat.apache.org > Contact: > https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_ > with_Apache_Tomcat > Acknowledgments: https://tomcat.apache.org/security.html > Preferred-Languages: en > Canonical: https://tomcat.apache.org/.well-known/security.txt > Hiring: https://tomcat.apache.org/getinvolved.html > > If there are no objections, I'll add it to the site repo, soon.
+1 > What's the best way to make sure that the same file ends up in > /.well-known/security.txt and /security.txt? Can git link them > together or something like that? The site is in svn. A rewrite rule? Mark > > -chris > > [1] https://securitytxt.org/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
