R2Northstar / NorthstarTF

The Northstar website.
https://northstar.tf
MIT License

Add `/.well-known/security.txt` endpoint #6

Closed GeckoEidechse closed 1 year ago

GeckoEidechse commented 2 years ago

security.txt is a proposed standard to give security researchers a way to easily report security vulnerabilities.

Basically it's a simple text file that contains information on how to contact project maintainers about possible vulnerabilities.

Now knowing some of the nefarious actors within the community, if we decide to add some point of contact we should make sure we have some sort of gatekeeping mechanism, e.g. a GitHub account older than Northstar's release date. Obviously just putting an email address there is not a good solution as that will just get scraped and added to spam lists.

Example: https://www.google.com/.well-known/security.txt

More info: https://securitytxt.org/

emma-miler commented 2 years ago

Will look at this

GeckoEidechse commented 1 year ago

Completed with #8