Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Security

Le lun. 28 déc. 2020 à 00:37, Phil Pennock
<zsh-workers+phil.pennock@xxxxxxxxxxxx> a écrit :
> On 2020-12-27 at 23:40 +0100, Jérémie Roquet wrote:
> > Daniel, Phil, would it be possible to advertise for this new list on
> > the mailing lists page?
> >
> >   http://zsh.sourceforge.net/Arc/mlist.html
> Theoretically done.  I don't know how much caching there is inside
> SourceForge, but the git repo has been updated and the website content
> has been rsync'd.

That's visible for me now. Thank you!

> > … and maybe set up a security.txt as well?
> >
> >   https://securitytxt.org/
> >
> > That's not yet a widely recognized standard, but I believe someone
> > unfamiliar with a project yet familiar with security would start by
> > looking there if there's is a contact address.
> This one is not my call to make.  I like the general idea and use it for
> my own site (which ~nobody cares about) but I'm not going to deploy
> without other folks mulling it over first.

That's fair. So, for anyone wondering what this security.txt thing is
about: it's a single file made available at
$DOMAIN/.well-known/security.txt, in which some predefined fields can
/ should be filled in, such as an email address to use to report
security issues. This mostly used to report issues on websites rather
than in software, but I believe it's a place where people into
security will look at anyway if they are trying to find a contact
address (possibly before looking at the website itself). The
specification is intended to become a standard but isn't yet; its
ability to become one is also driven by its adoption, of course (the
usual chicken-and-egg problem).

Thanks again,


Messages sorted by: Reverse Date, Date, Thread, Author