bmarwell commented on code in PR #354: URL: https://github.com/apache/maven-site/pull/354#discussion_r1045125369
########## content/filtered-resources/.well-known/security.txt: ##########
@@ -0,0 +1,6 @@ +Contact: mailto:secur...@apache.org +Contact: mailto:priv...@maven.apache.org +Expires: ${maven.build.timestamp} +Preferred-Languages: en +Policy: https://www.apache.org/security/ +Policy: https://maven.apache.org/security.html

Review Comment:

> This one does not point to any policy. Just to a listing w/o any benefit for a potential reporter.

Are you reading the spec at all? Or just posting random comments?

> A link to a policy detailing what security researchers should do when searching for or reporting security issues.

https://www.rfc-editor.org/rfc/rfc9116#section-2.5.7

Both pages contain useful information for security researchers: email addresses, disclosure policy, etc.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org
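Review bot: `+Expires: ${maven.build.timestamp}` in this hunk will not yield a usable Expires value. RFC 9116 section 2.5.5 makes Expires mandatory and requires an RFC 3339 (ISO 8601 Internet profile) date-time that lies in the future, recommended less than a year ahead; a value equal to the build time means the file is already expired when the site is published, and unless `maven.build.timestamp.format` is set to a date-time pattern such as `yyyy-MM-dd'T'HH:mm:ss'Z'` the substituted text is not in the accepted format at all. Either compute a date some months after the build (and document the refresh cadence), or hard-code a future date that is bumped on each site release. While touching this file, also consider the RFC's recommendation to sign the served `security.txt` with an OpenPGP cleartext signature (section 2.3) and to add a `Canonical` field (section 2.5.2) so a reporter can verify they are reading the authoritative copy.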