-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All,
I'd like to propose that we publish a security.txt[1] file on our web site under /.well-known/security.txt and /security.txt This file contains information we all already know, but it's in obviously "proprietary" locations on our web site and might not easily be found by someone who maybe doesn't speak English, etc. Here's my proposed content: Contact: secur...@tomcat.apache.org Contact: https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_ with_Apache_Tomcat Acknowledgments: https://tomcat.apache.org/security.html Preferred-Languages: en Canonical: https://tomcat.apache.org/.well-known/security.txt Hiring: https://tomcat.apache.org/getinvolved.html If there are no objections, I'll add it to the site repo, soon. What's the best way to make sure that the same file ends up in /.well-known/security.txt and /security.txt? Can git link them together or something like that? - -chris [1] https://securitytxt.org/ -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9OflcACgkQHPApP6U8 pFhy7g//bvd5hO/QTg+HJyJ1pRY4DCZUtssratL9iwoXNWmRz5toO6XM+Hj3Bh0U 4VOV5pMl+dN6DhSvuUSDXumnkF6RFMPYFjs15TvC5BaMbt7jlwfNtez7ByrVimOm BX9KLsXHgjE04Z4nnqp0S+bXdig5bBTtDLPH9woQOOJfx+4LFyPPUMBaKVzxIh2h 3VAv1vkUCmwfqzY5jJKxERQBzhYwBzuxOe1dL+qtXZGs6R8++OltX5GH1qYks8PR 28A8SDp+YWrMEEMkv0vUIle3lmEpzEa3+hujFHhMjxPM3q80d9r1XR7B+T3SodEo 1udOfBMRG6MGU9OiFD+s8vYgVt2BBBSCTzoeuNQkkf2kbzpeFYChjv7mM4ghBSyy 6y8Cz5O8HHQwroaxrkbhf1iIlNDdV0zQ+vd1C3EmhiZosD/bWhIL9q0RFzkY5QIY d4U2AN2Q6r9Wd12jS7ELjKy2q/BshJktEjdHs0HQUvYP26zOK9AVtH/ojFLmfXf8 E+8TxLX2Wr3e6VyaGOJayeofSeeWEs0a4kxzfTB1ChQ/tG/SBJACCYS12cCq1XIn nKzkNm1ftbNDgH2IxSfvAPl1m9SzoSO3RJwibrV1bwstahtbvgALHP5raGzZ8Mxo +piQmPr1YKwxcvQWE3X/aZOv2YryjnbXKCdHixieZu+rU4f7j6M= =qHDh -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
