From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,UNPARSEABLE_RELAY autolearn=ham
	autolearn_force=no version=3.4.4
Received: (qmail 27836 invoked from network); 27 Dec 2020 22:40:56 -0000
Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368)
  by inbox.vuxu.org with ESMTPUTF8; 27 Dec 2020 22:40:56 -0000
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20200801; t=1609108856;
	 b=gN9fsOJVoFicPZCveXJHL6QipGhvDXrJ1UrAtX9ADmkhHltExS64T5YVwh3o5mMc224rkIMsi8
	  gMdgbxL6ZXzveZRRiH/3RPuJ+EOoEny78H0siFTMPi88qIgcqaGqW2hjbcMTfILfKJtTmtoHen
	  gNRFZAN6onhdwS+12P87bnpI7aKW8snGgh9OV7AUJFPRzEpJEz4cNi6EB1F8i1AhIq01KibjK1
	  d61H+bhn6ADLu9G8tYDd+/3AiE3SR4J/cQwRoAFX37j5i44MyS1qLtnh5yzfUyk1YIEtQRPOBa
	  g5d0SCer+tMFDCYs67MLgFEqLzHzh0rgsfcPKgX5UKoRkA==;
ARC-Authentication-Results: i=1; zsh.org;
	iprev=pass (mail-qv1-f42.google.com) smtp.remote-ip=209.85.219.42;
	dmarc=none header.from=arkanosis.net;
	arc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20200801; t=1609108856;
	bh=VJXX3kEuAJRvaPys8cyPMRN42qjqcmmi5g5ejW6uJ8w=;
	h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help:
	  List-Id:Sender:Content-Transfer-Encoding:Content-Type:Cc:To:Subject:
	  Message-ID:Date:From:In-Reply-To:References:MIME-Version:DKIM-Signature;
	b=J3+KJ5heeZ90utE7cl6rrcqiieRVkfwGZlL8wpTIfkQvHimv9MGMMKNckXeGjY/fS9IbRIDvWY
	  rzE/IuX/w3BHekYe5Yx/F8PTx2wcC9fyKqbGvaBV+/YC2hxKu1M6ozjcUNapTC64ePCAD1w7wk
	  WRoGSVzeOKtgrd8dlqnxrvZAV+aYI9LEZ/qeDiKp0GNW4UX5pBb/j+rlpDDuaan19NE0B2NwQn
	  yaatKkY24B/lk8IxxAH3LnMQYcwSpZ8sN+Fu0wZkQoHQ3EtwbB2XHXDimSdKF9/ZuJAax8Glte
	  7AxBky9NGXwGvnV/AY6Jhvef+SxXpTJOfYIkT/EXvIsQDg==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org;
	s=rsa-20200801; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:
	List-Subscribe:List-Help:List-Id:Sender:Content-Transfer-Encoding:
	Content-Type:Cc:To:Subject:Message-ID:Date:From:In-Reply-To:References:
	MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID;
	bh=+tIQ1+55u01I5AeSiPiU5Y10epEgyumXhjTVHvexmq8=; b=NtRjyRSDFQZkOxWqYUgaslDD93
	JykwjZuxb3BZdmvPzoBQD083tGGBbNoWkOTMkrj2MfRM1cCIAkyE9H8xepKaFO1Rult3KCUH2Of3v
	Tv48q2A8zusz0/p9J37chhyJ0/nmOS6lR9KL2sO9jlLKuFEg4tDoY+zGzu8N1JmcS2xXl/s1A+hsz
	A45y/XIU95uz5+Y+xyL2bq6YPwdH3eJrsQGOg2IY7cJB3NHZSd/DGCmd0BGRisGQciIsftgECffDF
	sVv6eQgS3wd1j4R8FC1voojebMbMWl6Z1shI+eVUKVwObRGWuqTZj6XdF5OWRt4USdIMPkAo9M07T
	jXMWZcjQ==;
Received: from authenticated user by zero.zsh.org with local 
	id 1kteia-000CqW-9y; Sun, 27 Dec 2020 22:40:52 +0000
Authentication-Results: zsh.org;
	iprev=pass (mail-qv1-f42.google.com) smtp.remote-ip=209.85.219.42;
	dmarc=none header.from=arkanosis.net;
	arc=none
Received: from mail-qv1-f42.google.com ([209.85.219.42]:33943)
	by zero.zsh.org with esmtps (TLS1.3:TLS_AES_128_GCM_SHA256:128)
	id 1kteiJ-000ChH-9T; Sun, 27 Dec 2020 22:40:36 +0000
Received: by mail-qv1-f42.google.com with SMTP id 4so4334331qvh.1
        for <zsh-workers@zsh.org>; Sun, 27 Dec 2020 14:40:34 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=+tIQ1+55u01I5AeSiPiU5Y10epEgyumXhjTVHvexmq8=;
        b=IKw8EwpddF7eFUWIOpNkf2UpHNCnCC8QlaXjdMqrvxcjy8F0hPenK3Xh7GOylS6zn5
         KazaabIeAJuhd5umfdJ1BZ3PFkW5rvlYz96w6tQPB1O+ZFFnCkGtYw6oVFVB5qvYfrTg
         FMG+7DBQ7hZBYWSYdDySq537UWpjRw4qftxqtF8znCe7BkdnAGZf6PxToiVpXReF9nrn
         NFC6WFU7Dd0QvlllUgczmOpXSptIH5Bzq7NPa3zxgQKEFbglbY7vR6XaW3406AuCneIb
         SqvVCelF0JglAbKjhvqZS/ScNy6IHytRSPSSIO13WqmuhIbJ4V4kTqIbxsuGvpRE1XB3
         wjMA==
X-Gm-Message-State: AOAM532CR/JUtN5YPJxD+GAeblyOO1vXkpFz0ICdgPnCR0r/+/JEbqfo
	F0X4jk3sOT41BwXcJiyRDNPZkurNrLkJuroHWtnYjX2bE0w=
X-Google-Smtp-Source: ABdhPJy7KBn7r/lSGPMz9zjK2c2BNi/YS3s3KOUNQtMOyN2AXkJ91qmDXe8FwSJUPqINBl7Bd2YnI+jOiSDoYUWEZ2g=
X-Received: by 2002:a0c:9adc:: with SMTP id k28mr44811851qvf.42.1609108834171;
 Sun, 27 Dec 2020 14:40:34 -0800 (PST)
MIME-Version: 1.0
References: <paAbf-KNB0KbNKpcW3QUwRieHYlcjHX1JUBuWrVKyRFxy3huAGdvLPpI3AarFSLDymL3AP4TfrD_Pusx13LQUUoAxYUBOWasBoMDvSPvppk=@protonmail.com>
 <CAFOazAPaNLP6Yg6krO7mtcSrgoj=+rmg-=Awc-ju8rBfqKykUQ@mail.gmail.com>
 <9ukE0EnlTIntEcJ7b7nLSoq5E3XfeB-HtfyHk1Vmzoh_NojpSpL_amjhCixUBdb164pmStO4by1oduUBR0zCJpK0xGzrh2uz42flRXt96-8=@protonmail.com>
 <X+N714veDei3MIVm@andrew.cmu.edu> <Uzy4-LW1s3eKrllB-zw35G-ORZsJNQl6uPzDhishTuzE-QC_Hir0nOOi00r5bRdlm-N9GbNJL9gGifBuXxQt8QKlz7yATk4Ah4bxVqOjQKM=@protonmail.com>
 <a5f44f89-bec5-487d-aee3-8c4eb4f521fa@www.fastmail.com> <X+kBRpTydSUosZNw@fullerene.field.pennock-tech.net>
In-Reply-To: <X+kBRpTydSUosZNw@fullerene.field.pennock-tech.net>
From: =?UTF-8?B?SsOpcsOpbWllIFJvcXVldA==?= <jroquet@arkanosis.net>
Date: Sun, 27 Dec 2020 23:40:23 +0100
Message-ID: <CAFOazAOFxerpsmFB6QKMa1krjDu9Ke3G+Z4vYrz=sHY9bpYHBQ@mail.gmail.com>
Subject: Re: Security
To: Phil Pennock <zsh-workers+phil.pennock@spodhuis.org>, 
	Daniel Shahaf <d.s@daniel.shahaf.name>
Cc: "Zsh Hackers' List" <zsh-workers@zsh.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Seq: 47763
Archived-At: <https://zsh.org/workers/47763>
X-Loop: zsh-workers@zsh.org
Errors-To: zsh-workers-owner@zsh.org
Precedence: list
Precedence: bulk
Sender: zsh-workers-request@zsh.org
X-no-archive: yes
List-Id: <zsh-workers.zsh.org>
List-Help: <mailto:sympa@zsh.org?subject=help>
List-Subscribe: <mailto:sympa@zsh.org?subject=subscribe%20zsh-workers>
List-Unsubscribe: <mailto:sympa@zsh.org?subject=unsubscribe%20zsh-workers>
List-Post: <mailto:zsh-workers@zsh.org>
List-Owner: <mailto:zsh-workers-request@zsh.org>
List-Archive: <http://www.zsh.org/sympa/arc/zsh-workers>
Archived-At: <http://www.zsh.org/sympa/arcsearch_id/zsh-workers/2020-12/CAFOazAOFxerpsmFB6QKMa1krjDu9Ke3G%2BZ4vYrz%3DsHY9bpYHBQ%40mail.gmail.com>

Le dim. 27 d=C3=A9c. 2020 =C3=A0 22:49, Phil Pennock
<zsh-workers+phil.pennock@spodhuis.org> a =C3=A9crit :
>
> On 2020-12-25 at 16:06 +0000, Daniel Shahaf wrote:
> > a separate -security@ list might be a good idea, or at least an alias.)
>
> zsh-security@ now exists, we're kicking the tires.

Daniel, Phil, would it be possible to advertise for this new list on
the mailing lists page?

  http://zsh.sourceforge.net/Arc/mlist.html

=E2=80=A6 and maybe set up a security.txt as well?

  https://securitytxt.org/

That's not yet a widely recognized standard, but I believe someone
unfamiliar with a project yet familiar with security would start by
looking there if there's is a contact address.

Thanks!

--=20
J=C3=A9r=C3=A9mie