[ 
https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17645661#comment-17645661
 ] 

ASF GitHub Bot commented on MNGSITE-503:
----------------------------------------

michael-o commented on code in PR #354:
URL: https://github.com/apache/maven-site/pull/354#discussion_r1045126621


##########
content/filtered-resources/.well-known/security.txt:
##########
@@ -0,0 +1,6 @@
+Contact: mailto:secur...@apache.org
+Contact: mailto:priv...@maven.apache.org
+Expires: ${maven.build.timestamp}
+Preferred-Languages: en
+Policy: https://www.apache.org/security/
+Policy: https://maven.apache.org/security.html
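
Review bot: The `Expires:` line takes its value from `${maven.build.timestamp}`, so the published file declares itself stale as of the moment the site was built, and anyone reading it later has no assurance that the contact details are still current. RFC 9116 defines Expires as the date and time after which the file's content should no longer be trusted, formatted per RFC 3339, and recommends a value less than a year in the future. Suggest filtering in a property that resolves to the build time plus a fixed interval, and checking that the timestamp format configured for the site build produces an RFC 3339 value.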

Review Comment:
   I read it and I consider the second one useless. The only valuable 
information is: "For more information about reporting vulnerabilities, see the 
[Apache Security Team](https://www.apache.org/security/) page." This is as good 
as leaving it out. It provides no benefit.





> add .well-known/security.txt
> ----------------------------
>
>                 Key: MNGSITE-503
>                 URL: https://issues.apache.org/jira/browse/MNGSITE-503
>             Project: Maven Project Web Site
>          Issue Type: Improvement
>            Reporter: Benjamin Marwell
>            Assignee: Benjamin Marwell
>            Priority: Major
>              Labels: security
>
> As per consensus on the mailing list (+1 from [~rmannibucau] and me), we 
> should add a file `.well-known/security.txt`.
> I will prepare a PR.
> References:
>  * [.well-known/security.txt at maven.apache.org 
> (mail-archive.com)|https://www.mail-archive.com/dev@maven.apache.org/msg128366.html]
>  * [.well-known/security.txt at maven.apache.org-Apache Mail 
> Archives|https://lists.apache.org/thread/tvfg1lx9nd72c9t4t4s3zlx6l0tpnmwy]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
