-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark,
On 9/1/20 14:38, Mark Thomas wrote: > On 01/09/2020 18:01, Christopher Schultz wrote: >> All, >> >> I'd like to propose that we publish a security.txt[1] file on our >> web site under /.well-known/security.txt and /security.txt >> >> This file contains information we all already know, but it's in >> obviously "proprietary" locations on our web site and might not >> easily be found by someone who maybe doesn't speak English, etc. >> >> Here's my proposed content: >> >> Contact: secur...@tomcat.apache.org Contact: >> https://tomcat.apache.org/security.html#Reporting_New_Security_Proble ms_ >> >> with_Apache_Tomcat >> Acknowledgments: https://tomcat.apache.org/security.html >> Preferred-Languages: en Canonical: >> https://tomcat.apache.org/.well-known/security.txt Hiring: >> https://tomcat.apache.org/getinvolved.html >> >> If there are no objections, I'll add it to the site repo, soon. > > +1 > >> What's the best way to make sure that the same file ends up in >> /.well-known/security.txt and /security.txt? Can git link them >> together or something like that? > > The site is in svn. Oh, right. I modify the site so rarely I forget it hasn't migrated to Gi t. > A rewrite rule? Sure. Shall I put an .htaccess file into the site's repo, then, at the top-level? RedirectPermanent /security.txt /.well-known/security.txt ? Aah, there's already a top-level .htaccess file. I'll just add to that one. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9QSTsACgkQHPApP6U8 pFiAGxAAhw/9IDGM7BbNCMGzhPkQwFrB8z+2rm25rmpJBYwYU/ZcnnIbky5Olz1x 83oygeQKTofmllEvZoAqyQEr3woFH2MZWL7/qluvCKhHpnxDBsYb6wYNX3pX9L1H SXHb237GiUEbKYLpwYtjjxOWQwbjTCGNm7fHtSW2X0luyvzjHDZd38WsIBI+JvRS KtYUwPTvzpRYWxzdx8feojUp+IUGrU6OUs39rYnbtNcgpZ7bpfmwFhH40K6BXjcb AzW1bIYWpyA2AeQw0jGoXPvReDwn3iOR4aO/IUSdTTWuVD8Tw+ChFDcWkcqcYXq/ lYkA+p/ceM+qBzCXxQK/rvjmN5DQZ1y7P3sHJBRvqCp/lcmK/JNFfzo0+e0sR3Yc ltSLqRKgdnvcNO8BRE1PJiz+b7S6Du8/OB66/byQduwacUUbz7pPxlNu1CkwKxh8 a5DGwiYnG5tAthbf512ASgWkFtU97et9JOwv0TXiTfVF9DVxw3Fp+6a1Akkh1+hZ Ebsliwp0FcAb8K6lhdNjG7LJik5vQrqCfJ6tJchwpmsCqfMCXb1+dApv6fFlTP0a Uf30XwzJkNX/uPqP1AAPFetUVBJScHwwNf5WH+/FtK1M15Ykj7hjPPNMFY1ej3Hp fdWaiP3LfZV8gR8HM4V5MM8OPkIKc0mUWxVs1WDSA46e4+Cf4kU= =aN45 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org