Open jeroenhabets opened 1 year ago
There are two different types of disclosure to be considered here - disclosure of bugs/vulnerabilities in the Mastodon software (which need to be disclosed to the project), and disclosure of bugs/vulnerabilities present in a particular instance due to misconfiguration or similar.
Peertube addresses that difference by including two Contact lines - one pointing to the project's documentation for reporting, and the other with the email of the server admin.
Pitch
From RFC 9116
So I kindly ask you to please add support for a security.txt (see RFC 9116 and https://securitytxt.org/). I'd imagine a new Disclosure page or section to /terms that the security.txt could point to. With a request to DM an administrator, or even better some new admin fields to drive this policy.
Motivation
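As an added example (not Mastodon's code and not proposed by anyone in this issue), here is what the "admin fields drive the policy" idea from the pitch and the two-Contact-line pattern from the PeerTube comment would look like in Ruby, Mastodon's own language: a renderer that turns hypothetical admin settings into a security.txt, and a validator that checks the constraints RFC 9116 actually imposes (Contact and Expires are mandatory, Contact values must be URIs such as `mailto:` or `https:`, Expires must be ISO 8601, must not be repeated, should be in the future and is recommended to be less than a year out). The field names and the `example.org` hosts and addresses are constructed for the example; the file itself must be served at `/.well-known/security.txt` over HTTPS.

```ruby
# Added example, not Mastodon's code: render and validate an RFC 9116 security.txt.
require 'time'
require 'uri'

# RFC 9116: Expires and Preferred-Languages MUST NOT appear more than once.
SINGLETON_FIELDS = %w[Expires Preferred-Languages].freeze
ONE_YEAR = 365 * 86_400

# Render a security.txt from hypothetical admin settings (the field names here
# are assumptions, not Mastodon settings). Mirrors the PeerTube layout mentioned
# in the thread: first Contact for the project's reporting docs, second for the
# instance administrator. RFC 9116 says Contact lines are in order of preference.
def render_security_txt(project_contact:, admin_email:, canonical:, policy: nil,
                        expires: Time.now.utc + 180 * 86_400)
  lines = []
  lines << "Contact: #{project_contact}"
  lines << "Contact: mailto:#{admin_email}"
  lines << "Expires: #{expires.utc.iso8601}"
  lines << "Canonical: #{canonical}"
  lines << "Policy: #{policy}" if policy
  lines.join("\n") + "\n"
end

# Parse the file into [name, value] pairs, skipping blank lines and '#' comments.
def parse_security_txt(text)
  text.each_line.each_with_object([]) do |raw, fields|
    line = raw.chomp
    next if line.empty? || line.start_with?('#')
    name, value = line.split(':', 2)
    fields << [name.to_s.strip, value.to_s.strip]
  end
end

# Return an array of problems; an empty array means the file satisfies the
# RFC 9116 rules checked here.
def validate_security_txt(text, now: Time.now.utc)
  fields = parse_security_txt(text)
  problems = []

  contacts = fields.select { |n, _| n == 'Contact' }.map(&:last)
  problems << 'Contact is required' if contacts.empty?
  contacts.each do |v|
    # A bare e-mail address is not a URI; RFC 9116 wants e.g. mailto:, https:, tel:.
    scheme = (URI.parse(v).scheme rescue nil)
    problems << "Contact must be a URI with a scheme such as mailto: or https: (got #{v})" if scheme.nil?
  end

  SINGLETON_FIELDS.each do |name|
    problems << "#{name} must not appear more than once" if fields.count { |n, _| n == name } > 1
  end

  expires = fields.find { |n, _| n == 'Expires' }&.last
  if expires.nil?
    problems << 'Expires is required'
  else
    begin
      t = Time.iso8601(expires)
      problems << 'Expires is in the past; the file must be treated as stale' if t <= now
      problems << 'Expires should be less than a year in the future' if t > now + ONE_YEAR
    rescue ArgumentError
      problems << "Expires is not ISO 8601: #{expires}"
    end
  end

  problems
end

if __FILE__ == $PROGRAM_NAME
  txt = render_security_txt(
    project_contact: 'https://example.org/security-policy',   # constructed project docs URL
    admin_email: 'admin@example.org',                          # constructed instance admin
    canonical: 'https://mastodon.example.org/.well-known/security.txt'
  )
  puts txt
  puts validate_security_txt(txt).empty? ? 'valid' : validate_security_txt(txt).join("\n")
end
```

Running the validator against the rendered output reports no problems, while a file with a bare e-mail Contact, a past Expires or two Expires lines is flagged; the instance-admin Contact is what separates the "misconfigured instance" disclosure path from the "bug in Mastodon" path the comment above distinguishes.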