On Tue, Sep 1, 2020 at 2:38 PM Mark Thomas <ma...@apache.org> wrote: > On 01/09/2020 18:01, Christopher Schultz wrote: > > All, > > > > I'd like to propose that we publish a security.txt[1] file on our web > > site under /.well-known/security.txt and /security.txt > > > > This file contains information we all already know, but it's in > > obviously "proprietary" locations on our web site and might not easily > > be found by someone who maybe doesn't speak English, etc. > > > > Here's my proposed content: > > > > Contact: secur...@tomcat.apache.org > > Contact: > > https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_ > > with_Apache_Tomcat > > Acknowledgments: https://tomcat.apache.org/security.html > > Preferred-Languages: en > > Canonical: https://tomcat.apache.org/.well-known/security.txt > > Hiring: https://tomcat.apache.org/getinvolved.html > > > > If there are no objections, I'll add it to the site repo, soon. > > +1 > > > What's the best way to make sure that the same file ends up in > > /.well-known/security.txt and /security.txt? Can git link them > > together or something like that? > > The site is in svn. > > A rewrite rule? >
As in https://svn.apache.org/repos/asf/tomcat/site/trunk/xdocs/.htaccess - Ray > > Mark > > > > > -chris > > > > [1] https://securitytxt.org/ > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: dev-h...@tomcat.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > > -- *Raymond Augé* <http://www.liferay.com/web/raymond.auge/profile> (@rotty3000) Senior Software Architect *Liferay, Inc.* <http://www.liferay.com> (@Liferay)
