From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,UNPARSEABLE_RELAY
	autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 2364 invoked from network); 27 Dec 2020 23:37:42 -0000
Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368)
  by inbox.vuxu.org with ESMTPUTF8; 27 Dec 2020 23:37:42 -0000
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20200801; t=1609112262;
	 b=0q0WijQ5rbEcbnrgXyIzeb97Htk4WRyQldaGYv0bB7wNQJ5btN//hYi4Lvv/AKt7ioy/3p5tsy
	  bOxs2c4CxjMeWlZ7jrk5JXyCPifAc6Y5EYc5AxHixksQG7sH45hSj5qT9oZR7+ty+0cYfAVnEX
	  7RbbBWL2gWq0rw811VP80V+QgMiRlPGR/b8/vwrVvyEopd+exvdDdRnCig7IpqNVjfxUlfinB0
	  kIdoZTc/zlyZxmkx17NbwSgH9/CA/THYueIuYkIuuB2BSunxc7/eSKMy0SbFD30wYmMwc5wtDJ
	  Jol13SSwhQYpxz9/qUJjZHsd/9T3WX3jYm6UNKH47bhBKg==;
ARC-Authentication-Results: i=1; zsh.org;
	iprev=pass (mx.spodhuis.org) smtp.remote-ip=94.142.241.89;
	dkim=pass header.d=spodhuis.org header.s=d202011e2 header.a=ed25519-sha256;
	dkim=pass header.d=spodhuis.org header.s=d202011 header.a=rsa-sha256;
	dmarc=pass header.from=spodhuis.org;
	arc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20200801; t=1609112262;
	bh=XsZAWlG6KyneLfZN4DKShHDZfm6yegDnuUYlmSPWD9M=;
	h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help:
	  List-Id:Sender:In-Reply-To:Content-Transfer-Encoding:Content-Type:
	  MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:DKIM-Signature:
	  DKIM-Signature:DKIM-Signature;
	b=u0DfGr9P8jHmYIAdYAY1+/Qp4TvrDGlEYcx2cHri+UAHB5kTqF76FIAUiwD0pW8dc7/ACAkxUG
	  ro3c5wGky8Oqe9K2ielD6nVaUbR03VLIAq6S3STBKDCXp6R5ymq1k7BV81TfcgXw5nQWs1Z9kh
	  NRTSiQ+Y5kAjaUlrydPZYnxbcSG3mDREUUW5iCuUbNZXrWTdrRMtJs4i1PbCAIj8GCwxWT+8Ea
	  GwuGI80dVwoWIlvdVHTTw1RViLS3LSaeUcCHeKs/Nt8hxmgKMkjR3xtt+ZZjx3HpQ308QL9D7G
	  JsmkIuVszcRcGXO/xyqONH4GkfeZXGnNxNiylpaaYFDIkg==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org;
	s=rsa-20200801; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:
	List-Subscribe:List-Help:List-Id:Sender:In-Reply-To:Content-Transfer-Encoding
	:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:
	Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender
	:Resent-To:Resent-Cc:Resent-Message-ID;
	bh=7h2Q47vgSXX8cw+WXy0xpwrmm/gRY8nqdp6MbRDm6Oc=; b=s00l+j0hKHbaQW+vulJQbcxE4z
	z5nmEFlRHMO6iHYGDxws/iL1xu8sOnpy/kl2QubPuU7bEztS6dTT8xyrS/T06Vdga78vnQLWD+8gG
	71RrGLOxoXnElxYCgviqL/64pA8vGZM1MbpErdBZTZy0OOmMTbW6S5YuJ25P1vIy2Zyo31SwVBgIj
	gHq9ZhJn504DlTb73EHfeow3dsl+/lxs3kZXGEk8KaecYKx0oaV9Z6Gs5CDl+C/iBv5xIRRBTJLXp
	9tdx1WxCnELoPxkCzLx7tlNUQyxoX9ftcK7WDepbapt2GrWkRsmq6zWmaJBnl0PSH1VUgj34k5gef
	Wph7UFtQ==;
Received: from authenticated user by zero.zsh.org with local 
	id 1ktfbZ-000EfP-E2; Sun, 27 Dec 2020 23:37:41 +0000
Authentication-Results: zsh.org;
	iprev=pass (mx.spodhuis.org) smtp.remote-ip=94.142.241.89;
	dkim=pass header.d=spodhuis.org header.s=d202011e2 header.a=ed25519-sha256;
	dkim=pass header.d=spodhuis.org header.s=d202011 header.a=rsa-sha256;
	dmarc=pass header.from=spodhuis.org;
	arc=none
Received: from mx.spodhuis.org ([94.142.241.89]:10176) (DNSSEC AD)
	by zero.zsh.org with esmtps (TLS1.3:TLS_AES_256_GCM_SHA384:256)
	id 1ktfbI-000EWQ-G1; Sun, 27 Dec 2020 23:37:25 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=spodhuis.org; s=d202011; h=OpenPGP:In-Reply-To:Content-Transfer-Encoding:
	Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:From:
	Reply-To:Subject:Date:To:Cc:Content-ID:Content-Description:OpenPGP:
	Organization; bh=7h2Q47vgSXX8cw+WXy0xpwrmm/gRY8nqdp6MbRDm6Oc=; t=1609112244;
	 x=1610321844; b=Rca2iMDM5GTFgJj+LyO/SLf0ah7he7L52cRnZ5eXWLwgHm1AIUGpQxuoo7jX
	Djet1GKVs3YUblJ/OXax45yvLypZ8tT0f8pqPum8GUfpqa+K8tK/tZSgBT7DHasZMb6O/F8KEHhNA
	9j2xAH/qdPdCaAmDGPmazDEeG4LQZvWocJOL0aVO207/KxcwPBBw/DSqZi0R8xs7XaqT2oKdxqcap
	GWJ06bMRjwhszRtyITmJhtMQ0+vW203L1AV4tG6PIMHsZyqMQV+aygUqImD4amOcoDhpAaQdUUXvG
	pTEhhngX/DKPQHCkheD92G9vKZTOt1QiXqyJ5rP9p5rft0//65Q==;
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed;
	d=spodhuis.org; s=d202011e2; h=OpenPGP:In-Reply-To:Content-Transfer-Encoding:
	Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:From:
	Reply-To:Subject:Date:To:Cc:Content-ID:Content-Description:OpenPGP:
	Organization; bh=7h2Q47vgSXX8cw+WXy0xpwrmm/gRY8nqdp6MbRDm6Oc=; t=1609112244;
	 x=1610321844; b=tOPmmoOm4Swk/k0Y0QrIpB35dvTgQ7ng5G3mTYslSYXDik+8B56MS7BP+5Gl
	UHgC9SylfA4S/7vh9Kok37WICw==;
Received: from authenticated user by smtp.spodhuis.org with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256)
	id 1ktfbH-000EWI-UE; Sun, 27 Dec 2020 23:37:24 +0000
Date: Sun, 27 Dec 2020 18:37:20 -0500
From: Phil Pennock <zsh-workers+phil.pennock@spodhuis.org>
To: =?utf-8?B?SsOpcsOpbWll?= Roquet <jroquet@arkanosis.net>
Cc: Daniel Shahaf <d.s@daniel.shahaf.name>,
	Zsh Hackers' List <zsh-workers@zsh.org>
Subject: Re: Security
Message-ID: <X+kasJvMFivCnBmR@fullerene.field.pennock-tech.net>
References: <paAbf-KNB0KbNKpcW3QUwRieHYlcjHX1JUBuWrVKyRFxy3huAGdvLPpI3AarFSLDymL3AP4TfrD_Pusx13LQUUoAxYUBOWasBoMDvSPvppk=@protonmail.com>
 <CAFOazAPaNLP6Yg6krO7mtcSrgoj=+rmg-=Awc-ju8rBfqKykUQ@mail.gmail.com>
 <9ukE0EnlTIntEcJ7b7nLSoq5E3XfeB-HtfyHk1Vmzoh_NojpSpL_amjhCixUBdb164pmStO4by1oduUBR0zCJpK0xGzrh2uz42flRXt96-8=@protonmail.com>
 <X+N714veDei3MIVm@andrew.cmu.edu>
 <Uzy4-LW1s3eKrllB-zw35G-ORZsJNQl6uPzDhishTuzE-QC_Hir0nOOi00r5bRdlm-N9GbNJL9gGifBuXxQt8QKlz7yATk4Ah4bxVqOjQKM=@protonmail.com>
 <a5f44f89-bec5-487d-aee3-8c4eb4f521fa@www.fastmail.com>
 <X+kBRpTydSUosZNw@fullerene.field.pennock-tech.net>
 <CAFOazAOFxerpsmFB6QKMa1krjDu9Ke3G+Z4vYrz=sHY9bpYHBQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAFOazAOFxerpsmFB6QKMa1krjDu9Ke3G+Z4vYrz=sHY9bpYHBQ@mail.gmail.com>
OpenPGP: url=https://www.security.spodhuis.org/PGP/keys/keys-2013rsa-2020cv25519.asc
X-Seq: 47765
Archived-At: <https://zsh.org/workers/47765>
X-Loop: zsh-workers@zsh.org
Errors-To: zsh-workers-owner@zsh.org
Precedence: list
Precedence: bulk
Sender: zsh-workers-request@zsh.org
X-no-archive: yes
List-Id: <zsh-workers.zsh.org>
List-Help: <mailto:sympa@zsh.org?subject=help>
List-Subscribe: <mailto:sympa@zsh.org?subject=subscribe%20zsh-workers>
List-Unsubscribe: <mailto:sympa@zsh.org?subject=unsubscribe%20zsh-workers>
List-Post: <mailto:zsh-workers@zsh.org>
List-Owner: <mailto:zsh-workers-request@zsh.org>
List-Archive: <http://www.zsh.org/sympa/arc/zsh-workers>
Archived-At: <http://www.zsh.org/sympa/arcsearch_id/zsh-workers/2020-12/X%2BkasJvMFivCnBmR%40fullerene.field.pennock-tech.net>

On 2020-12-27 at 23:40 +0100, Jérémie Roquet wrote:
> Daniel, Phil, would it be possible to advertise for this new list on
> the mailing lists page?
> 
>   http://zsh.sourceforge.net/Arc/mlist.html

Oops, thanks.

Theoretically done.  I don't know how much caching there is inside
SourceForge, but the git repo has been updated and the website content
has been rsync'd.

> … and maybe set up a security.txt as well?
> 
>   https://securitytxt.org/
> 
> That's not yet a widely recognized standard, but I believe someone
> unfamiliar with a project yet familiar with security would start by
> looking there if there's is a contact address.

This one is not my call to make.  I like the general idea and use it for
my own site (which ~nobody cares about) but I'm not going to deploy
without other folks mulling it over first.

-Phil