Add security.txt #100

Closed
opened 2024-08-06 18:21:54 +02:00 by oysteikt · 6 comments
Owner
https://www.pvv.ntnu.no/.well-known/security.txt when

  • https://securitytxt.org/
  • https://securitytxt.no/

(issue nr. 100 wahoo)
oysteikt added the security label 2024-08-06 18:21:54 +02:00
oysteikt added this to the Kanban project 2024-08-06 18:21:54 +02:00
oysteikt added the good first issue label 2024-08-12 20:34:28 +02:00
Author
Owner

@adriangl Do you want to fix this one, on a day that suits you? Feel free to add yourself as assignee if you'd like
adriangl self-assigned this 2024-09-14 18:39:46 +02:00
Owner

Will take a look
Owner

Created the file at least. 95a634c9d5
Owner

I think the canonical name is a bit off.

  • Our website is https://www.pvv.ntnu.no, not https://pvv.ntnu.no
  • The RFC (https://www.rfc-editor.org/rfc/rfc9116), section 3, specifies that the file MUST be placed under .well-known, and not in the top-level as done here. The top-level is permitted in addition to the "proper" one for legacy purposes, but I don't think we should use it.

Also, .well-known will now live in the bekkalokk-config, rather than the website, as soon as Drift/pvv-nixos-config#79 is fixed and merged.
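
The two points in the comment above (file location and Canonical matching the URL actually served) can be checked mechanically. The following is an added example, not code from this repository; it also checks the Contact and Expires fields that RFC 9116 requires, which goes beyond what the comment covers. The sample file content and the contact address are constructed for illustration and are not the project's real security.txt.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

WELL_KNOWN_PATH = "/.well-known/security.txt"
LEGACY_PATH = "/security.txt"

# Constructed sample: Canonical names the bare host and the legacy path.
SAMPLE = """\
# constructed example file
Contact: mailto:security@example.org
Expires: 2030-01-01T00:00:00Z
Canonical: https://pvv.ntnu.no/security.txt
"""

def parse_fields(text):
    """Return (name, value) pairs, skipping blank lines and '#' comments."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)
        fields.append((name.strip().lower(), value.strip()))
    return fields

def check_security_txt(retrieved_url, text, now=None):
    """List RFC 9116 problems for a file fetched from retrieved_url."""
    now = now or datetime.now(timezone.utc)
    problems = []
    url = urlsplit(retrieved_url)
    if url.scheme != "https":
        problems.append("not served over https")
    if url.path == LEGACY_PATH:
        problems.append("served from the legacy top-level path")
    elif url.path != WELL_KNOWN_PATH:
        problems.append("not under /.well-known/")
    fields = parse_fields(text)
    values = lambda name: [v for n, v in fields if n == name]
    if not values("contact"):
        problems.append("missing Contact")
    expires = values("expires")
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
    else:
        try:
            if datetime.fromisoformat(expires[0].replace("Z", "+00:00")) <= now:
                problems.append("Expires is in the past")
        except (ValueError, TypeError):
            problems.append("Expires is not a valid RFC 3339 timestamp")
    canonical = values("canonical")
    if canonical and retrieved_url not in canonical:
        problems.append("retrieved URL not listed in Canonical")
    return problems
```

Run against the URL the file is really served from; a Canonical mismatch is the case where the RFC says consumers should not trust the file.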
Author
Owner

I think you're commenting on outdated information. 95a634c9d5 is no longer a part of the main branch, and the file has been modified as part of Drift/pvv-nixos-config#79. There is no longer any canonical name present, and it's been correctly placed.
Owner

Aha, yup, I followed the link in the comment above, oops!
4e5093618e/hosts/bekkalokk/services/well-known/root/security.txt looks good!
We should probably have some clear security policy / review process documented in English on the wiki, but that is a difficult policy thing and not a required technical thing, so it can wait.

Apologies for the mess :)
Reference: Drift/issues#100