Add a security.txt file to php.net #816
Merged
This file implements the standard defined in RFC 9116 for a machine-parsable format to aid in security vulnerability disclosure.

Of note:

1. We must include an Expires field, which the RFC suggests should be less than a year in the future. I have set it for the assumed date for GA of PHP 8.4/9.0. I recommend we update the expires time each year on this date, since it's already a date of significance for us.
2. I have signed it with my php.net release manager key. Since we publish our release manager keys, I'm recommending that a release manager for a currently supported version of PHP (at the time) be the one to digitally sign this file after making changes.

For more details about security.txt, see:

- https://securitytxt.org
- https://www.rfc-editor.org/rfc/rfc9116
ericmann approved these changes on Sep 29, 2023
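The two points in the description (an Expires field less than a year out, and an OpenPGP-signed file) lend themselves to an automated check. The following is an added example, not part of this pull request or of php.net's tooling: the function names and the sample file with its contact, date and signature body are constructed, and the code only detects the cleartext-signature wrapper; it does not verify the signature against a published key.

```python
from datetime import datetime, timedelta, timezone

SIGNED_HEADER = "-----BEGIN PGP SIGNED MESSAGE-----"
SIGNATURE_START = "-----BEGIN PGP SIGNATURE-----"

# Constructed sample: contact, date and signature body are placeholders.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@example.org
Expires: 2024-06-30T00:00:00Z
-----BEGIN PGP SIGNATURE-----
(placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""

def parse_security_txt(text):
    """Return (fields, is_signed); fields is a list of (lowercased name, value)."""
    lines = text.replace("\r\n", "\n").split("\n")
    is_signed = SIGNED_HEADER in lines and SIGNATURE_START in lines
    if is_signed:
        start = lines.index(SIGNED_HEADER) + 1
        while start < len(lines) and lines[start].strip():
            start += 1  # skip armor headers such as "Hash:", up to the blank line
        lines = lines[start:lines.index(SIGNATURE_START)]
    fields = []
    for line in lines:
        line = (line[2:] if line.startswith("- ") else line).strip()  # undo dash-escaping
        if line and not line.startswith("#") and ":" in line:
            name, value = line.split(":", 1)
            fields.append((name.strip().lower(), value.strip()))
    return fields, is_signed

def check_security_txt(text, now=None):
    """Return a list of findings; an empty list means every check passed."""
    now = now or datetime.now(timezone.utc)
    fields, is_signed = parse_security_txt(text)
    findings = [] if is_signed else ["no OpenPGP cleartext signature"]
    expires = [value for name, value in fields if name == "expires"]
    if len(expires) != 1:
        return findings + [f"expected exactly one Expires field, found {len(expires)}"]
    try:  # a timestamp without a UTC offset parses as naive and raises TypeError here
        remaining = datetime.fromisoformat(expires[0].replace("Z", "+00:00")) - now
    except (ValueError, TypeError):
        return findings + [f"Expires is not a full RFC 3339 timestamp: {expires[0]!r}"]
    if remaining <= timedelta(0):
        findings.append(f"Expires is in the past: {expires[0]}")
    elif remaining > timedelta(days=366):  # 366 allows for a leap year
        findings.append(f"Expires is more than a year away: {expires[0]}")
    return findings
```

Run on a schedule against the deployed file, a check like this flags an Expires value that has lapsed before researchers start treating the contact details as stale.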