On Thu, Sep 28, 2023 at 5:20 PM Ben Ramsey <ram...@php.net> wrote: > I've added documentation inline in the security.txt file >
To add some nitpicky bikeshedding, I'd put those instructions elsewhere (maybe php-src:docs/release-process.md ?) and only have a single line in the security.txt file referring out to that. The focus of the security.txt file should BE the metadata. +1 on the concept, and I do like the idea of making it part of the new branch release process as well as having one of the new RMs being the ones to sign it. -Sara
