      request #26734 Add basic support of security.txt file (RFC 9116)
    Infos
    #26734
    Thomas Gerbet (tgerbet)
    2022-05-18 13:24
    2022-04-28 15:24
    28258
    Details
    Add basic support of security.txt file (RFC 9116)

    security.txt files have existed for a while now. It is a standard for websites to make it easier for security researchers and companies to find a point of contact for security issues. RFC 9116 just got published, so it is a good time to consider it.

    Since the only really needed thing is to expose a text file under /.well-known/security.txt, there is already nothing preventing administrators from deploying one (in the same way they can use the ACME protocol with the HTTP challenge), but for basic use cases they might prefer that Tuleap manages this endpoint (less system configuration to manage).

    This request proposes to add the possibility of defining a primary security contact and to publish /.well-known/security.txt when one is defined. More complex needs can be contributed later on, or administrators can still fall back to deploying their own security.txt file.
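
An added illustration, not part of the original request and not Tuleap's code: a Python example of the proposed behaviour, rendering a minimal RFC 9116 file (the required Contact and Expires fields) from a primary contact and publishing nothing when none is defined. The function names, the 180-day validity, the restriction to mailto:/https:/tel: contacts and the example.com address are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"mailto", "https", "tel"}  # assumption: policy of this example

def normalize_contact(contact):
    """Turn an administrator-supplied contact into a URI for the Contact field."""
    if "\r" in contact or "\n" in contact:
        raise ValueError("line break in contact would inject extra fields")
    contact = contact.strip()
    scheme = urlsplit(contact).scheme
    if not scheme and "@" in contact:  # bare e-mail address
        contact, scheme = "mailto:" + contact, "mailto"
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError("Contact must be a mailto:, https: or tel: URI")
    return contact

def render_security_txt(primary_contact, now=None, validity_days=180):
    """Return the file body, or None when no contact is defined (nothing published)."""
    if not primary_contact:
        return None
    now = now or datetime.now(timezone.utc)
    expires = (now + timedelta(days=validity_days)).astimezone(timezone.utc)
    return "Contact: {}\nExpires: {}\n".format(
        normalize_contact(primary_contact), expires.strftime("%Y-%m-%dT%H:%M:%SZ"))

def check_security_txt(body, now=None):
    """List problems with the two fields RFC 9116 requires: Contact and Expires."""
    now = now or datetime.now(timezone.utc)
    fields = []
    for line in body.splitlines():
        if ":" in line and not line.lstrip().startswith("#"):
            name, value = line.split(":", 1)
            fields.append((name.strip().lower(), value.strip()))
    problems = []
    if not any(name == "contact" for name, _ in fields):
        problems.append("missing Contact")
    expires = [value for name, value in fields if name == "expires"]
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
    else:
        try:
            stale = datetime.fromisoformat(expires[0].replace("Z", "+00:00")) <= now
        except (ValueError, TypeError):  # unparseable, or no UTC offset
            problems.append("Expires is not an RFC 3339 date-time")
        else:
            if stale:
                problems.append("Expires is in the past")
    return problems
```

Running `check_security_txt` on a schedule against the published body catches a file whose Expires date has lapsed, at which point researchers should no longer trust its contents.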

    Other
    • [ ] enhancement
    • [x] internal improvement
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2022-05-18
    Follow-ups

    BTW, you should add information about this plugin to the documentation (at least in the list of plugins)