Add a security.txt file to php.net
This file implements the standard defined in RFC 9116 for a
machine-parsable format to aid in security vulnerability disclosure.

Of note:

1. We must include an Expires field, which the RFC suggests should be
   less than a year in the future. I have set it for the assumed date
   for GA of PHP 8.4/9.0. I recommend we update the expires time each
   year on this date, since it's already a date of significance for us.

2. I have signed it with my php.net release manager key. Since we
   publish our release manager keys, I'm recommending that a release
   manager for a currently supported version of PHP (at the time) be the
   one to digitally sign this file after making changes.

For more details about security.txt, see:

- https://securitytxt.org
- https://www.rfc-editor.org/rfc/rfc9116
ramsey committed Sep 28, 2023
1 parent 390ad10 commit 1f035f1
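The commit message leans on three RFC 9116 rules: Contact and Expires are mandatory, Expires should fall less than a year in the future, and the file may be wrapped in a PGP cleartext signature. The checker below is an added example (not code from php.net or this commit) that parses such a file, unwraps the signature armor without verifying it, and reports violations of those rules. The sample file is constructed from the fields visible in the diff; the mailto address and the signature body are placeholders.

```python
"""Parse a security.txt file and check it against the RFC 9116 rules the commit
message cites. Added example; not part of php.net or the commit above."""
from datetime import datetime, timedelta, timezone

PGP_BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
PGP_SIG = "-----BEGIN PGP SIGNATURE-----"

# Field names are case-insensitive (RFC 9116, section 2.5).
REQUIRED = ("contact", "expires")                    # sections 2.5.3 and 2.5.5: MUST be present
SINGLE_VALUED = ("expires", "preferred-languages")   # MUST NOT appear more than once
HTTPS_ONLY = ("canonical", "policy", "encryption", "acknowledgments", "hiring")


def strip_cleartext_signature(text: str) -> str:
    """Return the signed body of a PGP cleartext-signed file, or the text unchanged.
    This only removes the armor so the fields can be read; it does not verify the
    signature, which needs the signer's public key (e.g. `gpg --verify`)."""
    if PGP_BEGIN not in text:
        return text
    body = text.split(PGP_BEGIN, 1)[1].split(PGP_SIG, 1)[0]
    # Armor headers such as "Hash: SHA256" end at the first blank line.
    _, _, body = body.partition("\n\n")
    # Cleartext signing dash-escapes body lines that start with "-" (RFC 4880, 7.1).
    return "\n".join(l[2:] if l.startswith("- ") else l for l in body.splitlines())


def parse_security_txt(text: str) -> dict:
    """Return {lower-cased field name: [values in file order]}; comments and blank lines are skipped."""
    fields = {}
    for raw in strip_cleartext_signature(text).splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")   # split at the first colon only (mailto:, https:)
        if sep:
            fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def parse_timestamp(value: str) -> datetime:
    """Expires carries an RFC 3339 timestamp; map a trailing 'Z' to '+00:00' for fromisoformat()."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return datetime.fromisoformat(value)


def validate(fields: dict, now: datetime) -> list:
    """Return human-readable problems; an empty list means the file passes these checks."""
    problems = []
    for name in REQUIRED:
        if name not in fields:
            problems.append(f"missing required field: {name}")
    for name in SINGLE_VALUED:
        if len(fields.get(name, [])) > 1:
            problems.append(f"field must not appear more than once: {name}")
    for uri in fields.get("contact", []):
        # Contact may be a web URI (https only), a mailto: URI or a tel: URI.
        if not uri.startswith(("https://", "mailto:", "tel:")):
            problems.append(f"contact is not an https/mailto/tel URI: {uri}")
    for name in HTTPS_ONLY:
        for uri in fields.get(name, []):
            if not uri.startswith("https://"):
                problems.append(f"{name} must be an https URI: {uri}")
    if len(fields.get("expires", [])) == 1:
        try:
            expires = parse_timestamp(fields["expires"][0])
        except ValueError:
            problems.append(f"expires is not a valid timestamp: {fields['expires'][0]}")
        else:
            if expires.tzinfo is None:
                problems.append("expires has no UTC offset")
            elif expires <= now:
                problems.append(f"file expired at {expires.isoformat()}")
            elif expires - now > timedelta(days=365):
                problems.append("expires is more than a year away; RFC 9116 recommends less")
    return problems


def check(text: str, now_iso: str) -> list:
    """Parse and validate in one step, with 'now' given as an RFC 3339 string."""
    return validate(parse_security_txt(text), parse_timestamp(now_iso))


# Constructed sample modelled on the php.net file; the mailto address and the
# signature body are placeholders, not the real values.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: https://github.com/php/php-src/security/advisories/new
Contact: mailto:security@example.invalid
Expires: 2024-11-28T11:59:59.999Z
Preferred-Languages: en
Canonical: https://www.php.net/.well-known/security.txt
Policy: https://github.com/php/php-src/security/policy

# Comment lines are ignored by the parser.
-----BEGIN PGP SIGNATURE-----
(placeholder: a real file carries an ASCII-armored signature here)
-----END PGP SIGNATURE-----
"""

if __name__ == "__main__":
    for line in check(SAMPLE, datetime.now(timezone.utc).isoformat()) or ["no problems found"]:
        print(line)
```

Run against the sample with the signing date (2023-09-28) as "now", the checker flags the Expires value as more than a year out, which is exactly the gap between the RFC's recommendation and the date chosen in the commit; with a date in 2024 it passes, and after 2024-11-28 it reports the file as expired.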
Showing 1 changed file with 36 additions and 0 deletions.
36 changes: 36 additions & 0 deletions .well-known/security.txt
@@ -0,0 +1,36 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: https://github.com/php/php-src/security/advisories/new
Contact: mailto:[email protected]
Expires: 2024-11-28T11:59:59.999Z
Preferred-Languages: en
Canonical: https://www.php.net/.well-known/security.txt
Policy: https://github.com/php/php-src/security/policy

# Signed by Ben Ramsey <[email protected]> on 2023-09-28.

# All changes to this file are signed by a PHP release manager for a currently
# supported version of PHP (at the time of the changes).
# Supported PHP versions are listed at <https://www.php.net/supported-versions.php>.
# Release manager PGP keys are listed at <https://www.php.net/gpg-keys.php>.

# For more information about this file, see <https://securitytxt.org> and
# RFC 9116 <https://www.rfc-editor.org/rfc/rfc9116>.
-----BEGIN PGP SIGNATURE-----
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=n+Pu
-----END PGP SIGNATURE-----
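Review bot: the Expires value 2024-11-28T11:59:59.999Z is about 14 months after the 2023-09-28 signing date recorded in the file's own comment, while RFC 9116 (section 2.5.5) recommends that Expires be less than a year into the future and the commit message itself cites that guidance; consider an Expires no later than 2024-09-28 for this first signing, or plan an interim re-sign, so the yearly update on the chosen date lands before the file lapses rather than relying on a first interval that already exceeds the recommendation. The rest of the hunk reads fine: two Contact entries are permitted, Canonical matches the https URL the file is served from, and the comment lines sit inside the signed region, so they are covered by the signature.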
