YunoHost / issues

General issue tracker for the YunoHost project

Allow to configure generic security.txt #2339

Open zamentur opened 4 months ago

zamentur commented 4 months ago

Security.txt allows security researchers to easily signal information about security holes. We could generate something like this:

/.well-known/security.txt

Contact: abuse@maindomain.tld
Preferred-Languages: en,fr
Policy: https://maindomain.tld/security.html

/security.html

About security

You are not allowed to perform pentests without the agreement of the admin.

If you want to test the security of YunoHost, DON'T DO IT on this server. You can set up your own in a lot of ways, and YunoHost can help you to get some dedicated pentesting infra.

If you found something by chance, feel free to report it to this address: abuse@maindomain.tld

If you think the problem concerns all YunoHost instances, you could make a report to the YunoHost security team.

https://securitytxt.org/
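An added example, not part of the issue and not YunoHost code: a sketch of how the file proposed above could be generated per domain and checked against the two fields RFC 9116 makes mandatory (`Contact` as a URI, and a single `Expires` timestamp). The function names, the 180-day validity and the `abuse@<domain>` / `/security.html` layout are assumptions taken from the draft in the issue.

```python
from datetime import datetime, timedelta, timezone

URI_SCHEMES = ("mailto:", "https://", "tel:")
# Constructed input: the draft file exactly as proposed in the issue.
ISSUE_DRAFT = """Contact: abuse@maindomain.tld
Preferred-Languages: en,fr
Policy: https://maindomain.tld/security.html
"""

def render_security_txt(domain, languages=("en", "fr"), now=None, valid_days=180):
    """Hypothetical generator: abuse@<domain> and /security.html follow the issue."""
    now = now or datetime.now(timezone.utc)
    expires = (now + timedelta(days=valid_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (f"Contact: mailto:abuse@{domain}\n"
            f"Expires: {expires}\n"
            f"Preferred-Languages: {', '.join(languages)}\n"
            f"Policy: https://{domain}/security.html\n")

def lint_security_txt(text, now=None):
    """Return a list of RFC 9116 problems found in text (empty list means OK)."""
    now = now or datetime.now(timezone.utc)
    problems, fields = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank lines and comments
            continue
        name, sep, value = line.partition(":")
        if not sep:
            problems.append(f"not a 'Name: value' line: {line!r}")
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("missing required Contact field")
    problems += [f"Contact is not a URI: {c!r}"
                 for c in contacts if not c.startswith(URI_SCHEMES)]
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
    else:
        try:  # this sketch accepts only the UTC 'Z' form of RFC 3339
            when = datetime.strptime(expires[0], "%Y-%m-%dT%H:%M:%SZ")
            if when.replace(tzinfo=timezone.utc) <= now:
                problems.append("Expires is in the past")
        except ValueError:
            problems.append(f"Expires is not a UTC timestamp: {expires[0]!r}")
    problems += [f"Policy is not an https:// URI: {p!r}"
                 for p in fields.get("policy", []) if not p.startswith("https://")]
    return problems
```

Running `lint_security_txt(ISSUE_DRAFT)` flags the bare e-mail address in `Contact` and the missing `Expires`; because `Expires` goes stale, a generated file also needs to be re-rendered periodically.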