From: "Jérémie Roquet" <jroquet@arkanosis.net>
To: Phil Pennock <zsh-workers+phil.pennock@spodhuis.org>
Cc: Daniel Shahaf <d.s@daniel.shahaf.name>,
"Zsh Hackers' List" <zsh-workers@zsh.org>
Subject: Re: Security
Date: Mon, 28 Dec 2020 01:11:10 +0100
Message-ID: <CAFOazAOv5MpK4oCtE2KONwUhand6D3Nj7i9z-SWkyD=iBXxmhg@mail.gmail.com>
In-Reply-To: <X+kasJvMFivCnBmR@fullerene.field.pennock-tech.net>

On Mon, 28 Dec 2020 at 00:37, Phil Pennock
<zsh-workers+phil.pennock@spodhuis.org> wrote:
>
> On 2020-12-27 at 23:40 +0100, Jérémie Roquet wrote:
> > Daniel, Phil, would it be possible to advertise for this new list on
> > the mailing lists page?
> >
> > http://zsh.sourceforge.net/Arc/mlist.html
>
> Theoretically done. I don't know how much caching there is inside
> SourceForge, but the git repo has been updated and the website content
> has been rsync'd.

That's visible for me now. Thank you!

> > … and maybe set up a security.txt as well?
> >
> > https://securitytxt.org/
> >
> > That's not yet a widely recognized standard, but I believe someone
> > unfamiliar with a project yet familiar with security would start by
> > looking there if there is a contact address.
>
> This one is not my call to make. I like the general idea and use it for
> my own site (which ~nobody cares about) but I'm not going to deploy
> without other folks mulling it over first.

That's fair. So, for anyone wondering what this security.txt thing is
about: it's a single file made available at
$DOMAIN/.well-known/security.txt, in which some predefined fields can
/ should be filled in, such as an email address to use to report
security issues. This is mostly used to report issues on websites rather
than in software, but I believe it's a place where people into
security will look anyway if they are trying to find a contact
address (possibly before looking at the website itself). The
specification is intended to become a standard but isn't yet; its
ability to become one is also driven by its adoption, of course (the
usual chicken-and-egg problem).

Thanks again,

--
Jérémie