securitytxt / security-txt

A proposed standard that allows websites to define security policies.
https://securitytxt.org

exclusion / inclusion semantics #21

Closed jamesdavisjisc closed 7 years ago

jamesdavisjisc commented 7 years ago

"Security.txt is the equivalent of robots.txt, but for security issues."

robots.txt is "A Standard for Robot Exclusion" or the "Robots Exclusion Protocol". A robots.txt file sets out the things that a robot/spider is not permitted to do, whereas it feels that this proposal is about setting out things that a security researcher is permitted to do.

I think it's worth mentioning this, and including an explicit section stating the semantics of an absent security.txt to remove all ambiguity (probably that the absent file should be treated identically to Disallow: *).

EdOverflow commented 7 years ago

Hi @jamesdavisjisc,

Thank you for raising an issue. This is not the RFC and was just a little concept to get my idea out there. The robots.txt analogy was to make it clear to people that this will be a text file with some directives. At no point in the RFC is robots.txt mentioned.

On a side note, security.txt has developed a lot and the RFC will have lots of new information that has not been shared in this repo yet.