Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add security.txt #27628

Merged
merged 2 commits into from
Jun 23, 2021
Merged

Add security.txt #27628

merged 2 commits into from
Jun 23, 2021

Conversation

LukasReschke
Copy link
Member

To test:

curl localhost:8081/index.php/.well-known/security.txt -v

Ref https://securitytxt.org

@LukasReschke
Add security.txt
25ab405 
Ref https://securitytxt.org

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
@LukasReschke
Rebuild autoloader
6574269 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
ChristophWurst
ChristophWurst approved these changes Jun 23, 2021
View reviewed changes
Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea!

@ChristophWurst ChristophWurst requested a review from solracsf June 23, 2021 12:02
@ChristophWurst ChristophWurst added this to the Nextcloud 22 milestone Jun 23, 2021
@LukasReschke
Copy link
Member Author

Good idea!

I know! Must be some Austrian who had this idea 😉

ChristophWurst
ChristophWurst reviewed Jun 23, 2021
View reviewed changes
apps/settings/lib/WellKnown/SecurityTxtHandler.php
}

$response = "Contact: https://hackerone.com/nextcloud
Expires: 2021-12-31T23:00:00.000Z
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you plan to extend this manually?

Copy link
Member Author

@LukasReschke LukasReschke Jun 23, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. Dynamic also seems a bit dishonest in case this ever gets changed 🙈 (I was thinking of making each end-of-year release extend this for a year or such)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can also always extend it when a new stable branch is branched of and up it to "in 1 year"
Then it matches the EOL of the major version?

@LukasReschke LukasReschke merged commit 19a8451 into master Jun 23, 2021
@LukasReschke LukasReschke deleted the security-txt branch June 23, 2021 13:49
@blizzz blizzz mentioned this pull request Jun 23, 2021
Merged
39 tasks
@joshtrichards joshtrichards mentioned this pull request Feb 28, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@nickvergessen nickvergessen nickvergessen approved these changes

@solracsf solracsf Awaiting requested review from solracsf

Assignees
No one assigned
Labels
3. to review Waiting for reviews enhancement security
Projects
None yet
Milestone
Nextcloud 22
Development

Successfully merging this pull request may close these issues.
3 participants
@LukasReschke @nickvergessen @ChristophWurst