Drift/issues
17
1
Fork 0
Code Issues 144 Pull Requests Projects Wiki Activity

Add security.txt #100

New Issue
Closed
opened 2024-08-06 18:21:54 +02:00 by oysteikt · 6 comments
oysteikt commented 2024-08-06 18:21:54 +02:00
Owner
Copy Link

https://www.pvv.ntnu.no/.well-known/security.txt when

(issue nr. 100 wahoo)

https://www.pvv.ntnu.no/.well-known/security.txt when - https://securitytxt.org/ - https://securitytxt.no/ (issue nr. 100 wahoo)
oysteikt added the
security
 label 2024-08-06 18:21:54 +02:00
oysteikt added this to the Kanban project 2024-08-06 18:21:54 +02:00
oysteikt added the
good first issue
 label 2024-08-12 20:34:28 +02:00
oysteikt commented 2024-08-26 22:17:31 +02:00
Author
Owner
Copy Link

@adriangl Do you want to fix this one, a day it suits you? Feel free to add yourself as assignee if you'd like

@adriangl Do you want to fix this one, a day it suits you? Feel free to add yourself as assignee if you'd like
adriangl self-assigned this 2024-09-14 18:39:46 +02:00
adriangl commented 2024-09-14 18:39:59 +02:00
Owner
Copy Link

Will take a look

Will take a look
adriangl commented 2024-09-14 19:05:13 +02:00
Owner
Copy Link

Created the file at least. 95a634c9d5

Created the file at least. https://git.pvv.ntnu.no/Projects/nettsiden/commit/95a634c9d549a51c84434018ec71b6dd6d72fd58
felixalb commented 2024-09-15 23:25:28 +02:00
Owner
Copy Link

I think the canonical name is a bit off.

  • Our website is https://www.pvv.ntnu.no, not https://pvv.ntnu.no
  • The RFC, section 3, specifies that the file MUST be placed under .well-known, and not in the top-level as done here. The top-level is permitted in addition to the "proper" one for legacy purposes, but I don't think we should use it.

Also, .well-known will now live in the bekkalokk-config, rather than the website, as soon as Drift/pvv-nixos-config#79 is fixed and merged.

I think the canonical name is a bit off. - Our website is https://www.pvv.ntnu.no, not https://pvv.ntnu.no - [The RFC](https://www.rfc-editor.org/rfc/rfc9116), section 3, specifies that the file MUST be placed under .well-known, and not in the top-level as done here. The top-level is permitted in addition to the "proper" one for legacy purposes, but I don't think we should use it. Also, .well-known will now live in the bekkalokk-config, rather than the website, as soon as https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/79 is fixed and merged.
oysteikt commented 2024-09-15 23:43:40 +02:00
Author
Owner
Copy Link

I think you're commenting on outdated information. 95a634c9d5 is no longer a part of the main branch, and the file have been modified as part of Drift/pvv-nixos-config#79. There is no longer any canonical name present, and it's been correctly placed.

I think you're commenting on outdated information. 95a634c9d5 is no longer a part of the main branch, and the file have been modified as part of https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/79. There is no longer any canonical name present, and it's been correctly placed.
felixalb commented 2024-09-15 23:55:49 +02:00
Owner
Copy Link

Aha, yup, I followed the link in the comment above, oops!
4e5093618e/hosts/bekkalokk/services/well-known/root/security.txt looks good!
We should probably have some clear security policy / review process documented in English on the wiki, but that is a difficult policy thing and not a required technical thing, so it can wait.

Apologies for the mess :)

Aha, yup, I followed the link in the comment above, oops! https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/commit/4e5093618e3a04f2afd00c4e0ef789da3f6455b5/hosts/bekkalokk/services/well-known/root/security.txt looks good! We should probably have some clear security policy / review process documented in English on the wiki, but that is a difficult policy thing and not a required technical thing, so it can wait. Apologies for the mess :)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
dns
Involves modifications to dvask
exploration
See the galaxy!
gitea
mail
epost nord
new stuff
Adds a new service / new functionality
services
Everything regarding selfhosted services
software
Everything regarding homebrewn software
art
The issue needs someone to be creative
backup
big
No, not bug, **big** - this is gonna take a while
blocked
This issue/PR depends on one or more other issues/PRs
bug
Something is not working, and it's not the shield hero
crash report
Report an oopsie
disputed
kranglefanter
documentation
Documentation changes required
duplicate
This issue or pull request already exists
enhancement
New feature
good first issue
Get your hands dirty with a new project here
logging
networking
TTM4100
nixos
Requires changes to our nixos setup
question
More information is needed
salt
Requires changes to our salt setup
security
Skommel
servers n' hardware
Regards hardware, servers or VMs
wontfix
This won't be fixed
No Label
good first issue
security
Milestone
No items
No Milestone
Projects
Clear projects
No project Kanban
Assignees
Clear assignees
adriangl albertba alfhj bjornoka chrisfjo chrivi danio davidk dungby eirikwit felixalb frero jonmro jovre karolds knuta krisleri larshhan oysteikt pederbs root torsteno yorinad
No Assignees adriangl
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Drift/issues#100
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?