svn commit: r1917707 - /tomcat/site/trunk/docs/.well-known/security.txt
Author: schultz Date: Mon May 13 18:43:52 2024 New Revision: 1917707 URL: http://svn.apache.org/viewvc?rev=1917707&view=rev Log: Update security.txt with a current expiration date. Modified: tomcat/site/trunk/docs/.well-known/security.txt Modified: tomcat/site/trunk/docs/.well-known/security.txt URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/.well-known/security.txt?rev=1917707&r1=1917706&r2=1917707&view=diff == --- tomcat/site/trunk/docs/.well-known/security.txt (original) +++ tomcat/site/trunk/docs/.well-known/security.txt Mon May 13 18:43:52 2024 @@ -3,25 +3,24 @@ Hash: SHA256 Contact: secur...@tomcat.apache.org Contact: https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_with_Apache_Tomcat -Expires: 2024-01-01T00:00:00 +Expires: 2025-01-01T00:00:00 Acknowledgments: https://tomcat.apache.org/security.html Preferred-Languages: en Canonical: https://tomcat.apache.org/.well-known/security.txt Hiring: https://tomcat.apache.org/getinvolved.html - -BEGIN PGP SIGNATURE- -iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmSR274ACgkQHPApP6U8 -pFiP0RAAx1Ln6cugta2HcnMUTzMYpqb0Mdg4e2tcvQT5J4LFrgP5mMvSJKg3GQKG -mtQ+FBNanf865rhI8Y604vS/2sYrjkh8UYeosg/Yot0UiGxhWzmgeIoXbGB3EuAc -Awuzvr/+s/0KBXXb9ihkyYXqKEoUxtM6QCRlthJS2UkZkrrEjEEhwax0R+2qXCkp -iivjPpyb+XNPTh7Rg8t/fT2vCfHHL4KOvq8DL+p3O+x4MW4bP2fsie4P5SOr7LDg -0zsGZ234UXdStRMqjCU74/5LuswEP3TPJrobeD9yjrljwXGW8gX5DVsl2EXpRgpa -BycUpLvQ9/7RVSXIRabI6vKD0zYljarl8Uryrm/CEOO2stUG7ENBAZVDbg1nCC5p -UMRfX3a+Nigp2UVneUNpepP1vO2ltb6P+dP9T7bISRbomqjSdK+Kjc7clAUOzLH3 -0FX2DqIGViEKaRBBP+0qGYJus8hPt0c37/Sf96/4cdQUOokcDe1sMNbsS2VrNKbx -QPZusS4eFn3JzXbHoqqgs4cGoBKsWhh8Jd9w/F5HYm+0C2Rk9l89uNyknoFbAmME -jpyu1VnYr9zTkusJ+iX2cc0Ttfw7XLLowWCSYzWNvM5FBnf+tyg0qQaD4qF9mk8K -WzchMJGzV0O1hhqanXqA3jUvXtRh5stG88xt+lmrsX2URdPYs80= -=iJYn +iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmZCXykACgkQHPApP6U8 +pFgAaA//cthJsdc3L6wiMpb2+4/RcbGh3SD2oIpO07pGP93JTjG07r1ow7a5fIiY +c3+coNKgKXePZ+vz+/BHOJKpNWXERMetVvdkdMEPIUk4RX0pTqDfrzLXss59rUfg +SJ2j/xelJXUpxBgIqp+Wl+pAj/qj69aF1JWGwZfndYx8ikIes9wkompB0apRPzcV +YwwodI+OIfTZrGd8Z3kGhBBphjgAqrLyT7lR9xg3HOjjoXYJi/PlCamEW8flO84J +Sp5vACx2tOEy6oEwZMQot+ZlueTsYE7ywq39Jcsxt6bhXJYZyJHAtJ4xUJbfcps+ +kFWc84FekrDZqRYnQjw3DbLmp+DwHUHnrcVsChL8+I1M9ZVvQ7HqsDHRj4TgpPQ5 ++hTaV+Qd65f/D6HjoMIxxD3XJQeNkqLveklLGJWd35xgJdXHqvMq3iJ5eBmbnGGh +YWP2E8BI6g0jwQN+g4Tn9dIaNpsiXtIdleBNTSp05gMkeD/ebQ5GeIVNQ7bSjEFD +qmDpnYcgF5tAQbvN1mIDqlY2DQ+vPLL7xLcjZ/2P8Ko++0VAFd3mgT0GXIHnU7wT +TSPCUZdfvPkerSEFFy6qqSyR9KPbW0S0IVR32/UMAA3VukHZZPLYeoGkQ5sKixOB +QWV/e8jo6FhMrRjDUVT6FMDf5w4XvgcWyHsIzGnyhT/ChoJCHfY= +=kk3u -END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Signature expiration on security.txt
On 20/06/2023 18:09, Christopher Schultz wrote: All, I just discovered that our security.txt file[1] had passed its "expiration date" and just updated it and re-signed it. Is there any existing process for "checking things" where we could insert a check for "is security.txt about to expire" into that workflow? Not that I am aware of. Would ASF's monitoring system be appropriate for that purpose? Don't know. You might need to raise an Infra ticket to ask. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Signature expiration on security.txt
All, I just discovered that our security.txt file[1] had passed its "expiration date" and just updated it and re-signed it. Is there any existing process for "checking things" where we could insert a check for "is security.txt about to expire" into that workflow? Would ASF's monitoring system be appropriate for that purpose? -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1910521 - /tomcat/site/trunk/docs/.well-known/security.txt
Author: schultz Date: Tue Jun 20 17:03:16 2023 New Revision: 1910521 URL: http://svn.apache.org/viewvc?rev=1910521&view=rev Log: Update security.txt with a new expiration date. Modified: tomcat/site/trunk/docs/.well-known/security.txt Modified: tomcat/site/trunk/docs/.well-known/security.txt URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/.well-known/security.txt?rev=1910521&r1=1910520&r2=1910521&view=diff == --- tomcat/site/trunk/docs/.well-known/security.txt (original) +++ tomcat/site/trunk/docs/.well-known/security.txt Tue Jun 20 17:03:16 2023 @@ -3,7 +3,7 @@ Hash: SHA256 Contact: secur...@tomcat.apache.org Contact: https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_with_Apache_Tomcat -Expires: 2023-01-01T00:00:00 +Expires: 2024-01-01T00:00:00 Acknowledgments: https://tomcat.apache.org/security.html Preferred-Languages: en Canonical: https://tomcat.apache.org/.well-known/security.txt @@ -11,17 +11,17 @@ Hiring: https://tomcat.apache.org/getinv -BEGIN PGP SIGNATURE- -iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmKkwA8ACgkQHPApP6U8 -pFjDyw//Zkjf5tCgoXqs6OwNtEu+wxx1ZIgPWSMCSTcMNJn2w+4zfaeBpIPLIJ/i -Uz6h+jXfXkGdTizKK1DJw00eOLLz8nknb80FmtX4Hzxe4m6I1SNdJJmHg/25ud0S -jDyoDHPoYEW7VgpdTot1mOuO8E+bkGTE/rKbsl3u2uHTVOHV7yxE96DmCknKSyZx -+wdgoqemEhwv04LRd/Xlx2USl5+sazsUZO3qDJIkhb7V8C18lmk1/FALRXWkq31y -RkKoNfoJ92FgBPmmmHfUbEniDLzZUivCoqVCDUpjiPRChaWwbqzP953jqqpXeB/c -z1kaYyH1vvTnefobsvcDgN4yCJ3UrfTYQorNZTrMbbC8GVn8ZdQA/cX+sq4jvFOQ -PoUxyDu0xtacLPQ7vEL7WHB50rdAUsvjwN5X7A7/Rnl3Z4uq7nDxqkY33gaOT7Yf -3Qr9Bzzllc9TTkanDxjayrvrxWXN9c7F+Khpb48dEz5HVhEPxwtmjKSmc3Cwu8xx -rWul5EbKXwBEW8K0pMMEHs5pEZTDiA+c0jV1AfOirJB09Z9NUcRZtUm1MMhuU7x3 -IPehpw8GDIHUNkveeBUzMShIwbuFVEA/S0t4VUzSme8WG15b1w6pFCOnVV920qPx -gnPSP60KegTrV/Y4WmD9XjWTrYGCK9Y0ObCtse7X4MDMgnRaBzY= -=xtjD +iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmSR274ACgkQHPApP6U8 +pFiP0RAAx1Ln6cugta2HcnMUTzMYpqb0Mdg4e2tcvQT5J4LFrgP5mMvSJKg3GQKG +mtQ+FBNanf865rhI8Y604vS/2sYrjkh8UYeosg/Yot0UiGxhWzmgeIoXbGB3EuAc +Awuzvr/+s/0KBXXb9ihkyYXqKEoUxtM6QCRlthJS2UkZkrrEjEEhwax0R+2qXCkp +iivjPpyb+XNPTh7Rg8t/fT2vCfHHL4KOvq8DL+p3O+x4MW4bP2fsie4P5SOr7LDg +0zsGZ234UXdStRMqjCU74/5LuswEP3TPJrobeD9yjrljwXGW8gX5DVsl2EXpRgpa +BycUpLvQ9/7RVSXIRabI6vKD0zYljarl8Uryrm/CEOO2stUG7ENBAZVDbg1nCC5p +UMRfX3a+Nigp2UVneUNpepP1vO2ltb6P+dP9T7bISRbomqjSdK+Kjc7clAUOzLH3 +0FX2DqIGViEKaRBBP+0qGYJus8hPt0c37/Sf96/4cdQUOokcDe1sMNbsS2VrNKbx +QPZusS4eFn3JzXbHoqqgs4cGoBKsWhh8Jd9w/F5HYm+0C2Rk9l89uNyknoFbAmME +jpyu1VnYr9zTkusJ+iX2cc0Ttfw7XLLowWCSYzWNvM5FBnf+tyg0qQaD4qF9mk8K +WzchMJGzV0O1hhqanXqA3jUvXtRh5stG88xt+lmrsX2URdPYs80= +=iJYn -END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1901833 - in /tomcat/site/trunk/docs/.well-known: security.txt security.txt.asc
Author: schultz Date: Sat Jun 11 16:18:37 2022 New Revision: 1901833 URL: http://svn.apache.org/viewvc?rev=1901833&view=rev Log: Switch to using a single signed file. Removed: tomcat/site/trunk/docs/.well-known/security.txt.asc Modified: tomcat/site/trunk/docs/.well-known/security.txt Modified: tomcat/site/trunk/docs/.well-known/security.txt URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/.well-known/security.txt?rev=1901833&r1=1901832&r2=1901833&view=diff == --- tomcat/site/trunk/docs/.well-known/security.txt (original) +++ tomcat/site/trunk/docs/.well-known/security.txt Sat Jun 11 16:18:37 2022 @@ -1,3 +1,6 @@ +-BEGIN PGP SIGNED MESSAGE- +Hash: SHA256 + Contact: secur...@tomcat.apache.org Contact: https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_with_Apache_Tomcat Expires: 2023-01-01T00:00:00 @@ -6,3 +9,19 @@ Preferred-Languages: en Canonical: https://tomcat.apache.org/.well-known/security.txt Hiring: https://tomcat.apache.org/getinvolved.html +-BEGIN PGP SIGNATURE- + +iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmKkwA8ACgkQHPApP6U8 +pFjDyw//Zkjf5tCgoXqs6OwNtEu+wxx1ZIgPWSMCSTcMNJn2w+4zfaeBpIPLIJ/i +Uz6h+jXfXkGdTizKK1DJw00eOLLz8nknb80FmtX4Hzxe4m6I1SNdJJmHg/25ud0S +jDyoDHPoYEW7VgpdTot1mOuO8E+bkGTE/rKbsl3u2uHTVOHV7yxE96DmCknKSyZx ++wdgoqemEhwv04LRd/Xlx2USl5+sazsUZO3qDJIkhb7V8C18lmk1/FALRXWkq31y +RkKoNfoJ92FgBPmmmHfUbEniDLzZUivCoqVCDUpjiPRChaWwbqzP953jqqpXeB/c +z1kaYyH1vvTnefobsvcDgN4yCJ3UrfTYQorNZTrMbbC8GVn8ZdQA/cX+sq4jvFOQ +PoUxyDu0xtacLPQ7vEL7WHB50rdAUsvjwN5X7A7/Rnl3Z4uq7nDxqkY33gaOT7Yf +3Qr9Bzzllc9TTkanDxjayrvrxWXN9c7F+Khpb48dEz5HVhEPxwtmjKSmc3Cwu8xx +rWul5EbKXwBEW8K0pMMEHs5pEZTDiA+c0jV1AfOirJB09Z9NUcRZtUm1MMhuU7x3 +IPehpw8GDIHUNkveeBUzMShIwbuFVEA/S0t4VUzSme8WG15b1w6pFCOnVV920qPx +gnPSP60KegTrV/Y4WmD9XjWTrYGCK9Y0ObCtse7X4MDMgnRaBzY= +=xtjD +-END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1901831 - /tomcat/site/trunk/docs/.well-known/security.txt
Author: schultz Date: Sat Jun 11 16:08:58 2022 New Revision: 1901831 URL: http://svn.apache.org/viewvc?rev=1901831&view=rev Log: Update expiration date. We may want to consider extending this expiration out more than 1 year at a time. Modified: tomcat/site/trunk/docs/.well-known/security.txt Modified: tomcat/site/trunk/docs/.well-known/security.txt URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/.well-known/security.txt?rev=1901831&r1=1901830&r2=1901831&view=diff == --- tomcat/site/trunk/docs/.well-known/security.txt (original) +++ tomcat/site/trunk/docs/.well-known/security.txt Sat Jun 11 16:08:58 2022 @@ -1,6 +1,6 @@ Contact: secur...@tomcat.apache.org Contact: https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_with_Apache_Tomcat -Expires: 2022-01-01T00:00:00 +Expires: 2023-01-01T00:00:00 Acknowledgments: https://tomcat.apache.org/security.html Preferred-Languages: en Canonical: https://tomcat.apache.org/.well-known/security.txt - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1891327 - in /tomcat/site/trunk/docs: .htaccess .well-known/ .well-known/security.txt
Author: schultz
Date: Wed Jul 7 01:05:31 2021
New Revision: 1891327
URL: http://svn.apache.org/viewvc?rev=1891327&view=rev
Log:
Add security.txt file.
Added:
tomcat/site/trunk/docs/.well-known/
tomcat/site/trunk/docs/.well-known/security.txt
Modified:
tomcat/site/trunk/docs/.htaccess
Modified: tomcat/site/trunk/docs/.htaccess
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/.htaccess?rev=1891327&r1=1891326&r2=1891327&view=diff
==
--- tomcat/site/trunk/docs/.htaccess (original)
+++ tomcat/site/trunk/docs/.htaccess Wed Jul 7 01:05:31 2021
@@ -1,3 +1,4 @@
RewriteEngine On
RewriteRulesvn.html %{REQUEST_SCHEME}://%{HTTP_HOST}/source.html [R=301]
+RewriteRule security.txt
%{REQUEST_SCHEME}://%{HTTP_HOST}/.well-known/security.txt [R=301]
Added: tomcat/site/trunk/docs/.well-known/security.txt
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/.well-known/security.txt?rev=1891327&view=auto
==
--- tomcat/site/trunk/docs/.well-known/security.txt (added)
+++ tomcat/site/trunk/docs/.well-known/security.txt Wed Jul 7 01:05:31 2021
@@ -0,0 +1,8 @@
+Contact: secur...@tomcat.apache.org
+Contact:
https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_with_Apache_Tomcat
+Expires: 2022-01-01T00:00:00
+Acknowledgments: https://tomcat.apache.org/security.html
+Preferred-Languages: en
+Canonical: https://tomcat.apache.org/.well-known/security.txt
+Hiring: https://tomcat.apache.org/getinvolved.html
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: security.txt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 9/1/20 14:38, Mark Thomas wrote: > On 01/09/2020 18:01, Christopher Schultz wrote: >> All, >> >> I'd like to propose that we publish a security.txt[1] file on our >> web site under /.well-known/security.txt and /security.txt >> >> This file contains information we all already know, but it's in >> obviously "proprietary" locations on our web site and might not >> easily be found by someone who maybe doesn't speak English, etc. >> >> Here's my proposed content: >> >> Contact: secur...@tomcat.apache.org Contact: >> https://tomcat.apache.org/security.html#Reporting_New_Security_Proble ms_ >> >> with_Apache_Tomcat >> Acknowledgments: https://tomcat.apache.org/security.html >> Preferred-Languages: en Canonical: >> https://tomcat.apache.org/.well-known/security.txt Hiring: >> https://tomcat.apache.org/getinvolved.html >> >> If there are no objections, I'll add it to the site repo, soon. > > +1 > >> What's the best way to make sure that the same file ends up in >> /.well-known/security.txt and /security.txt? Can git link them >> together or something like that? > > The site is in svn. Oh, right. I modify the site so rarely I forget it hasn't migrated to Gi t. > A rewrite rule? Sure. Shall I put an .htaccess file into the site's repo, then, at the top-level? RedirectPermanent /security.txt /.well-known/security.txt ? Aah, there's already a top-level .htaccess file. I'll just add to that one. - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9QSTsACgkQHPApP6U8 pFiAGxAAhw/9IDGM7BbNCMGzhPkQwFrB8z+2rm25rmpJBYwYU/ZcnnIbky5Olz1x 83oygeQKTofmllEvZoAqyQEr3woFH2MZWL7/qluvCKhHpnxDBsYb6wYNX3pX9L1H SXHb237GiUEbKYLpwYtjjxOWQwbjTCGNm7fHtSW2X0luyvzjHDZd38WsIBI+JvRS KtYUwPTvzpRYWxzdx8feojUp+IUGrU6OUs39rYnbtNcgpZ7bpfmwFhH40K6BXjcb AzW1bIYWpyA2AeQw0jGoXPvReDwn3iOR4aO/IUSdTTWuVD8Tw+ChFDcWkcqcYXq/ lYkA+p/ceM+qBzCXxQK/rvjmN5DQZ1y7P3sHJBRvqCp/lcmK/JNFfzo0+e0sR3Yc ltSLqRKgdnvcNO8BRE1PJiz+b7S6Du8/OB66/byQduwacUUbz7pPxlNu1CkwKxh8 a5DGwiYnG5tAthbf512ASgWkFtU97et9JOwv0TXiTfVF9DVxw3Fp+6a1Akkh1+hZ Ebsliwp0FcAb8K6lhdNjG7LJik5vQrqCfJ6tJchwpmsCqfMCXb1+dApv6fFlTP0a Uf30XwzJkNX/uPqP1AAPFetUVBJScHwwNf5WH+/FtK1M15Ykj7hjPPNMFY1ej3Hp fdWaiP3LfZV8gR8HM4V5MM8OPkIKc0mUWxVs1WDSA46e4+Cf4kU= =aN45 -END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: security.txt
On Tue, Sep 1, 2020 at 1:01 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > All, > > I'd like to propose that we publish a security.txt[1] file on our web > site under /.well-known/security.txt and /security.txt > > This file contains information we all already know, but it's in > obviously "proprietary" locations on our web site and might not easily > be found by someone who maybe doesn't speak English, etc. > > Here's my proposed content: > > Contact: secur...@tomcat.apache.org > Contact: > https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_ > with_Apache_Tomcat > Acknowledgments: https://tomcat.apache.org/security.html > Preferred-Languages: en > Canonical: https://tomcat.apache.org/.well-known/security.txt > Hiring: https://tomcat.apache.org/getinvolved.html > > If there are no objections, I'll add it to the site repo, soon. > +1 :D > What's the best way to make sure that the same file ends up in > /.well-known/security.txt and /security.txt? Can git link them > together or something like that? > I'd guess a rewrite rule like Mark suggested. > - -chris > > [1] https://securitytxt.org/ > -BEGIN PGP SIGNATURE- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9OflcACgkQHPApP6U8 > pFhy7g//bvd5hO/QTg+HJyJ1pRY4DCZUtssratL9iwoXNWmRz5toO6XM+Hj3Bh0U > 4VOV5pMl+dN6DhSvuUSDXumnkF6RFMPYFjs15TvC5BaMbt7jlwfNtez7ByrVimOm > BX9KLsXHgjE04Z4nnqp0S+bXdig5bBTtDLPH9woQOOJfx+4LFyPPUMBaKVzxIh2h > 3VAv1vkUCmwfqzY5jJKxERQBzhYwBzuxOe1dL+qtXZGs6R8++OltX5GH1qYks8PR > 28A8SDp+YWrMEEMkv0vUIle3lmEpzEa3+hujFHhMjxPM3q80d9r1XR7B+T3SodEo > 1udOfBMRG6MGU9OiFD+s8vYgVt2BBBSCTzoeuNQkkf2kbzpeFYChjv7mM4ghBSyy > 6y8Cz5O8HHQwroaxrkbhf1iIlNDdV0zQ+vd1C3EmhiZosD/bWhIL9q0RFzkY5QIY > d4U2AN2Q6r9Wd12jS7ELjKy2q/BshJktEjdHs0HQUvYP26zOK9AVtH/ojFLmfXf8 > E+8TxLX2Wr3e6VyaGOJayeofSeeWEs0a4kxzfTB1ChQ/tG/SBJACCYS12cCq1XIn > nKzkNm1ftbNDgH2IxSfvAPl1m9SzoSO3RJwibrV1bwstahtbvgALHP5raGzZ8Mxo > +piQmPr1YKwxcvQWE3X/aZOv2YryjnbXKCdHixieZu+rU4f7j6M= > =qHDh > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
Re: security.txt
On Tue, Sep 1, 2020 at 2:38 PM Mark Thomas wrote: > On 01/09/2020 18:01, Christopher Schultz wrote: > > All, > > > > I'd like to propose that we publish a security.txt[1] file on our web > > site under /.well-known/security.txt and /security.txt > > > > This file contains information we all already know, but it's in > > obviously "proprietary" locations on our web site and might not easily > > be found by someone who maybe doesn't speak English, etc. > > > > Here's my proposed content: > > > > Contact: secur...@tomcat.apache.org > > Contact: > > https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_ > > with_Apache_Tomcat > > Acknowledgments: https://tomcat.apache.org/security.html > > Preferred-Languages: en > > Canonical: https://tomcat.apache.org/.well-known/security.txt > > Hiring: https://tomcat.apache.org/getinvolved.html > > > > If there are no objections, I'll add it to the site repo, soon. > > +1 > > > What's the best way to make sure that the same file ends up in > > /.well-known/security.txt and /security.txt? Can git link them > > together or something like that? > > The site is in svn. > > A rewrite rule? > As in https://svn.apache.org/repos/asf/tomcat/site/trunk/xdocs/.htaccess - Ray > > Mark > > > > > -chris > > > > [1] https://securitytxt.org/ > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: dev-h...@tomcat.apache.org > > > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > > -- *Raymond Augé* <http://www.liferay.com/web/raymond.auge/profile> (@rotty3000) Senior Software Architect *Liferay, Inc.* <http://www.liferay.com> (@Liferay)
Re: security.txt
On 01/09/2020 18:01, Christopher Schultz wrote: > All, > > I'd like to propose that we publish a security.txt[1] file on our web > site under /.well-known/security.txt and /security.txt > > This file contains information we all already know, but it's in > obviously "proprietary" locations on our web site and might not easily > be found by someone who maybe doesn't speak English, etc. > > Here's my proposed content: > > Contact: secur...@tomcat.apache.org > Contact: > https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_ > with_Apache_Tomcat > Acknowledgments: https://tomcat.apache.org/security.html > Preferred-Languages: en > Canonical: https://tomcat.apache.org/.well-known/security.txt > Hiring: https://tomcat.apache.org/getinvolved.html > > If there are no objections, I'll add it to the site repo, soon. +1 > What's the best way to make sure that the same file ends up in > /.well-known/security.txt and /security.txt? Can git link them > together or something like that? The site is in svn. A rewrite rule? Mark > > -chris > > [1] https://securitytxt.org/ > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
security.txt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I'd like to propose that we publish a security.txt[1] file on our web site under /.well-known/security.txt and /security.txt This file contains information we all already know, but it's in obviously "proprietary" locations on our web site and might not easily be found by someone who maybe doesn't speak English, etc. Here's my proposed content: Contact: secur...@tomcat.apache.org Contact: https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_ with_Apache_Tomcat Acknowledgments: https://tomcat.apache.org/security.html Preferred-Languages: en Canonical: https://tomcat.apache.org/.well-known/security.txt Hiring: https://tomcat.apache.org/getinvolved.html If there are no objections, I'll add it to the site repo, soon. What's the best way to make sure that the same file ends up in /.well-known/security.txt and /security.txt? Can git link them together or something like that? - -chris [1] https://securitytxt.org/ -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9OflcACgkQHPApP6U8 pFhy7g//bvd5hO/QTg+HJyJ1pRY4DCZUtssratL9iwoXNWmRz5toO6XM+Hj3Bh0U 4VOV5pMl+dN6DhSvuUSDXumnkF6RFMPYFjs15TvC5BaMbt7jlwfNtez7ByrVimOm BX9KLsXHgjE04Z4nnqp0S+bXdig5bBTtDLPH9woQOOJfx+4LFyPPUMBaKVzxIh2h 3VAv1vkUCmwfqzY5jJKxERQBzhYwBzuxOe1dL+qtXZGs6R8++OltX5GH1qYks8PR 28A8SDp+YWrMEEMkv0vUIle3lmEpzEa3+hujFHhMjxPM3q80d9r1XR7B+T3SodEo 1udOfBMRG6MGU9OiFD+s8vYgVt2BBBSCTzoeuNQkkf2kbzpeFYChjv7mM4ghBSyy 6y8Cz5O8HHQwroaxrkbhf1iIlNDdV0zQ+vd1C3EmhiZosD/bWhIL9q0RFzkY5QIY d4U2AN2Q6r9Wd12jS7ELjKy2q/BshJktEjdHs0HQUvYP26zOK9AVtH/ojFLmfXf8 E+8TxLX2Wr3e6VyaGOJayeofSeeWEs0a4kxzfTB1ChQ/tG/SBJACCYS12cCq1XIn nKzkNm1ftbNDgH2IxSfvAPl1m9SzoSO3RJwibrV1bwstahtbvgALHP5raGzZ8Mxo +piQmPr1YKwxcvQWE3X/aZOv2YryjnbXKCdHixieZu+rU4f7j6M= =qHDh -END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
