Closed tippexs closed 1 week ago
So good to see you, too, @tippexs !
Honestly, I'm not entirely sure what to do re: the mismatch. It seems like security.txt (which gets exposed at https://unit.nginx.org/.well-known/security.txt) is part of the securitytxt.org standard for machine-discoverable information about reporting vulnerabilities, while the njs and agent security.md is more human-readable.
...that said, there are clearly some outdated bits of the security.txt document (maxim's key, etc.) but it's not clear to me how we should be reconciling the differences. I'll leave it to @javorszky to propose a next step.
Had a conversation about this, the resolution will be:
I'll be making these changes in a moment.
Thanks for taking care of this and congrtulations to 1.33!!!
Thank you! And thank you for flagging this to us 🙂
Good Friday Unit-Team :)
feels great to be back here on GitHub with you. While researching I have noticed that there is a difference between the
SECURITY.txt
in this repository and theSECURTIY.md
in njs and agents repository. As the last two are updated more recently, maybe there is value in using the same Policy Document. If thats accurate, I am MORE than happy to come up with an PR.PS: Great to see 1.33 on the Horizon AND the Wasmtime Version Bump <3