Add a security.txt file to php.net (#816)
This file implements the standard defined in RFC 9116 for a
machine-parsable format to aid in security vulnerability disclosure.
Of not
Add a security.txt file to php.net (#816)
This file implements the standard defined in RFC 9116 for a
machine-parsable format to aid in security vulnerability disclosure.
Of note:
1. We must include an Expires field, which the RFC suggests should be
less than a year in the future. I have set it for the assumed date
for GA of PHP 8.4/9.0. I recommend we update the expires time each
year on this date, since it's already a date of significance for us.
2. I have signed it with my php.net release manager key. Since we
publish our release manager keys, I'm recommending that a release
manager for a currently supported version of PHP (at the time) be the
one to digitally sign this file after making changes.
For more details about security.txt, see:
- https://securitytxt.org
- https://www.rfc-editor.org/rfc/rfc9116
show more ...
|
