[jira] [Commented] (MNGSITE-503) add .well-known/security.txt

Sat, 10 Dec 2022 02:18:06 -0800 


    [ 
https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17645575#comment-17645575
 ] 

ASF GitHub Bot commented on MNGSITE-503:
----------------------------------------

michael-o commented on code in PR #354:
URL: https://github.com/apache/maven-site/pull/354#discussion_r1045059586


##########
pom.xml:
##########
@@ -232,6 +232,32 @@
 -->
         </executions>
       </plugin>
+      <!--
+        used for timestamp of .well-known/security.txt file
+        Plugin-definition must be before resources-plugin to be
+        in the pre-site phase before 'copy-filtered-resources'.
+      -->
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>build-helper-maven-plugin</artifactId>
+        <version>3.3.0</version>
+        <executions>
+          <execution>
+            <id>create-security.txt-timestamp</id>
+            <phase>pre-site</phase>
+            <goals>
+              <goal>timestamp-property</goal>
+            </goals>
+            <configuration>
+              <name>maven.security.expires</name>
+              <locale>ROOT</locale>

Review Comment:
   This will not work: 
https://www.mojohaus.org/build-helper-maven-plugin/xref/org/codehaus/mojo/buildhelper/TimestampPropertyMojo.html#L122
   It does not process `ROOT` for `new Locale("")`.



##########
pom.xml:
##########
@@ -232,6 +232,32 @@
 -->
         </executions>
       </plugin>
+      <!--
+        used for timestamp of .well-known/security.txt file
+        Plugin-definition must be before resources-plugin to be
+        in the pre-site phase before 'copy-filtered-resources'.
+      -->
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>build-helper-maven-plugin</artifactId>
+        <version>3.3.0</version>
+        <executions>
+          <execution>
+            <id>create-security.txt-timestamp</id>
+            <phase>pre-site</phase>
+            <goals>
+              <goal>timestamp-property</goal>
+            </goals>
+            <configuration>
+              <name>maven.security.expires</name>
+              <locale>ROOT</locale>
+              <pattern>yyyy-MM-dd'T'HH:mm:ss'Z'</pattern>

Review Comment:
   Corrected request.





> add .well-known/security.txt
> ----------------------------
>
>                 Key: MNGSITE-503
>                 URL: https://issues.apache.org/jira/browse/MNGSITE-503
>             Project: Maven Project Web Site
>          Issue Type: Improvement
>            Reporter: Benjamin Marwell
>            Assignee: Benjamin Marwell
>            Priority: Major
>              Labels: security
>
> As per consensus on the mailing list (+1 from [~rmannibucau] and me), we 
> should add a file `.well-known/security.txt`.
> I will prepare a PR.
> References:
>  * [.well-known/security.txt at maven.apache.org 
> (mail-archive.com)|https://www.mail-archive.com/dev@maven.apache.org/msg128366.html]
>  * [.well-known/security.txt at maven.apache.org-Apache Mail 
> Archives|https://lists.apache.org/thread/tvfg1lx9nd72c9t4t4s3zlx6l0tpnmwy]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to