Zsh Mailing List Archive

Re: Security



On Mon, 28 Dec 2020 at 00:37, Phil Pennock
<zsh-workers+phil.pennock@xxxxxxxxxxxx> wrote:
>
> On 2020-12-27 at 23:40 +0100, Jérémie Roquet wrote:
> > Daniel, Phil, would it be possible to advertise for this new list on
> > the mailing lists page?
> >
> >   http://zsh.sourceforge.net/Arc/mlist.html
>
> Theoretically done.  I don't know how much caching there is inside
> SourceForge, but the git repo has been updated and the website content
> has been rsync'd.

That's visible for me now. Thank you!

> > … and maybe set up a security.txt as well?
> >
> >   https://securitytxt.org/
> >
> > That's not yet a widely recognized standard, but I believe someone
> > unfamiliar with a project yet familiar with security would start by
> > looking there if there's a contact address.
>
> This one is not my call to make.  I like the general idea and use it for
> my own site (which ~nobody cares about) but I'm not going to deploy
> without other folks mulling it over first.

That's fair. So, for anyone wondering what this security.txt thing is
about: it's a single file made available at
$DOMAIN/.well-known/security.txt, in which some predefined fields can
/ should be filled in, such as an email address to use to report
security issues. This is mostly used to report issues on websites rather
than in software, but I believe it's a place where people into
security will look anyway if they are trying to find a contact
address (possibly before looking at the website itself). The
specification is intended to become a standard but isn't yet; its
ability to become one is also driven by its adoption, of course (the
usual chicken-and-egg problem).

Thanks again,

-- 
Jérémie
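
The file layout described in the message above, shown as an added example that is not part of the original post: a small reader that builds the well-known URL, parses the fields and pulls out the contact addresses. The sample file, `example.org` and the address are constructed placeholders; the field names `Contact`, `Expires` and `Preferred-Languages` and the case-insensitive matching come from the security.txt specification, not from the message.

```python
# Added example: minimal security.txt reader (not from the original message).
from urllib.parse import urlsplit

WELL_KNOWN_PATH = "/.well-known/security.txt"

# Constructed sample; example.org and the address are placeholders.
SAMPLE = """\
# Constructed sample file
Contact: mailto:security@example.org
contact: https://example.org/report
Preferred-Languages: en, fr
Expires: 2030-01-01T00:00:00Z
this line has no field separator
"""

def parse_security_txt(text):
    """Return (fields, malformed): fields maps lowercased names to value lists."""
    fields, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no field
        name, sep, value = line.partition(":")
        if not sep or not name.strip() or not value.strip():
            malformed.append(lineno)  # record it instead of guessing a meaning
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields, malformed

def contacts(fields):
    """Split Contact values into e-mail addresses and other URIs, in file order."""
    emails, others = [], []
    for value in fields.get("contact", []):
        parts = urlsplit(value)
        if parts.scheme.lower() == "mailto" and "@" in parts.path:
            emails.append(parts.path)
        else:
            others.append(value)
    return emails, others

def security_txt_url(domain):
    """Location of the file for a domain, as described in the message."""
    return "https://" + domain + WELL_KNOWN_PATH

if __name__ == "__main__":
    fields, bad = parse_security_txt(SAMPLE)
    print(security_txt_url("example.org"))
    print(contacts(fields), "malformed lines:", bad)
```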
