You should add a security.txt
I just want to make everyone aware of the great concept of the security.txt
file, which is very useful for receiving vulnerability reports for services
you’re using or providing. I have received two reports already and am quite
happy to report that both have been resolved (one was solved by just taking down
the service as was planned beforehand).
The policy itself is pretty straightforward, and can be understood by everyone. Here is mine, and as you will see it’s quite self-explanatory:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:moritz@poldrack.dev
Contact: mailto:~poldi1405/security@lists.sr.ht
Expires: 2026-12-31T23:00:00.000Z
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/190A743436A77032B4E17C9F47DF8FD1598E633F
Encryption: https://moritz.sh/pgp-key.txt
Preferred-Languages: de, en
Canonical: https://moritz.sh/.well-known/security.txt
Canonical: https://git.sr.ht/~poldi1405/website/tree/master/item/static/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQTL+OUT8rbB/4DIG62EJtcJm4xt2gUCZ7zpRQAKCRCEJtcJm4xt
2jS+AP46sSgX9rthtE1ntmZ1VSTLGSxQM/+5LErWEpZZkzMbKQEAgMdBj3+n+8HZ
FPrRkYi3o8cn61SFmkGLJYB5cmhFVA4=
=w7j8
-----END PGP SIGNATURE-----
You can go ahead and generate yours right now using this handy generator.
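A file like the one above only helps if it stays valid: RFC 9116 requires at least one Contact and exactly one Expires, and recommends an Expires less than a year out, which is the part that silently rots. The following checker is an added example (not the author's or any project's code) that parses a PGP-cleartext-signed security.txt, ignores the armor, and reports those problems; the embedded sample is a copy of the post's file with the signature replaced by a placeholder, and the signature itself is not verified.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: the signed body of the post's security.txt, signature replaced by a placeholder.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:moritz@poldrack.dev
Contact: mailto:~poldi1405/security@lists.sr.ht
Expires: 2026-12-31T23:00:00.000Z
Encryption: https://moritz.sh/pgp-key.txt
Preferred-Languages: de, en
Canonical: https://moritz.sh/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----
<signature placeholder>
-----END PGP SIGNATURE-----
"""

def parse_fields(text):
    """(name, value) pairs with lower-cased names; armor, Hash: and comments skipped."""
    fields, in_sig = [], False
    for line in text.splitlines():
        line = line.strip()
        if line in ("-----BEGIN PGP SIGNATURE-----", "-----END PGP SIGNATURE-----"):
            in_sig = line.startswith("-----BEGIN")
        elif in_sig or not line or line[0] in "#-" or ":" not in line:
            continue  # signature data, blank line, comment or armor line
        else:
            name, value = line.split(":", 1)
            if name.strip().lower() != "hash":  # cleartext-armor header, not a field
                fields.append((name.strip().lower(), value.strip()))
    return fields

def validate(text, now):
    """Apply the RFC 9116 rules a reporter depends on; `now` must be timezone-aware.
    Returns a list of problems (empty means the file is usable)."""
    fields = parse_fields(text)
    names = [n for n, _ in fields]
    problems = []
    if "contact" not in names:
        problems.append("Contact is required")
    if names.count("expires") != 1:
        problems.append("exactly one Expires is required")
    else:
        raw = next(v for n, v in fields if n == "expires")
        exp = datetime.fromisoformat(raw.replace("Z", "+00:00"))  # RFC 3339 timestamp
        if exp <= now:
            problems.append("Expires is in the past: the file must be refreshed")
        elif exp > now + timedelta(days=365):
            problems.append("Expires is more than a year ahead (RFC 9116 recommends less)")
    return problems
```

Run `validate(SAMPLE, datetime.now(timezone.utc))` from a cron job or CI step and fail the build on a non-empty list so the file is renewed before reporters hit a stale one.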