From bd704c7f0181e892b4f2c28340098282c144b6a0 Mon Sep 17 00:00:00 2001 From: Ben Ramsey Date: Thu, 28 Sep 2023 17:14:49 -0500 Subject: [PATCH] Update security.txt with inline instructions for updating it --- .well-known/security.txt | 52 ++++++++++++++++++++++++++++------------ 1 file changed, 37 insertions(+), 15 deletions(-) diff --git a/.well-known/security.txt b/.well-known/security.txt index 20384210ed..f5c530787c 100644 --- a/.well-known/security.txt +++ b/.well-known/security.txt @@ -14,23 +14,45 @@ Policy: https://github.com/php/php-src/security/policy # supported version of PHP (at the time of the changes). # Supported PHP versions are listed at . # Release manager PGP keys are listed at . - +# +# To make changes to this file: +# +# 1. First, remove the PGP signature that wraps the body of this file: +# +# gpg --decrypt --output security.txt security.txt +# +# 2. Make and save your changes to this file, i.e., update the Expires +# timestamp. Be sure to update the signature above to include your name, +# the email address for your PGP key, and the current date. +# +# 3. Sign your changes: +# +# gpg --clearsign --local-user YOU@php.net --output security.txt.asc security.txt +# +# Note: you cannot output the signature to the same file as the input or it +# will result in a signature wrapped around empty content. +# +# 4. Last, replace security.txt with security.txt.asc and commit your changes: +# +# mv security.txt.asc security.txt +# git commit security.txt +# # For more information about this file, see and # RFC 9116 . -----BEGIN PGP SIGNATURE----- -iQJDBAEBCAAtFiEEObZBND2MEEsrFG3D+cOdwLlphUQFAmUVzUwPHHJhbXNleUBw -aHAubmV0AAoJEPnDncC5aYVEnQYQAIFr8yIGOJ8GBGJ0L8LkGmE23UHukVQKdqFw -lt/evxz7c+Z3GX2i4j+TyVKl5mSgXaryOMIo3e6HCjnmqPZp+gBlamYLusgn6b/3 -bmCQ1jh+7lEeEg8eTF7URNvR/8ao3I22iu0TAAQIF3B3bhYq7hwQYJtQvIdAvn/X -qGInKHGJ+QJRyR+GHOOPUDrQ6geU6lSMd2znAe2WUTtZZWo3A0OURmW7m1m7w9E/ -vq5Mzttkjk0syKOJ6/5GLk8Olag7KV8gCnsazjBRzUD5fN5tbo2XX/6EJYkqeptq -LREVYi2c/iWotwapoHZJrG+Gx3GgtLDYBZ+cJ8ZpR+8OevCeBQOdYLMNbhvdAM7b -HZm36EpmBSfU7YngaKnq1Erb2GsgtF03dG4eeXSViVhVT/ERGvzidK7OG4RWBnL/ -AwMb5LsdQswM2PHq2QwNz9hwv1AL3UOLMM4e2cOMvmZlOZ7PDYQHp+UqWy5VaGRU -YoZ9wQWudpnpJ4RzOAzf9/fQG8wracwJqgCk2CinTd9Dk/4rueVwv5FvyCSq6EiK -iuq9cnhQlPFGwOR3dfYlTU+CdevlnP7JFSwBdQuyrNV8YSTqMD4O2I8Kwo+1MNN2 -elK4pT1pHGKe50c31NM82ZwY5RLW2cLj8Q4Y+pvOfTqhzr3vPAy/NfZZiwlNYsRE -KN9Ixm67 -=n+Pu +iQJDBAEBCAAtFiEEObZBND2MEEsrFG3D+cOdwLlphUQFAmUV+rUPHHJhbXNleUBw +aHAubmV0AAoJEPnDncC5aYVEecgQAI5vAj7c/FwzaZm02IxUWofKFH8ZPivXlRbI +1aKDJkIFZwxq59Lr9EW2AnZRSdSmBDPJ1ED91DP737wACVx/rmQecuW3fJ2UtyYC +TnwERb34ff3Ojt0qO9RTXc3X/+Aq7j28cZVM8JmGrTIbIMh9FnYoWmdoMjy3dqF/ +YBPQw/7wFMBW9wpRJx4ZSjf02VoUn6grR2UTMAfveCQcFKNAo7qo6km/ogJMnPsi +pcpgYA1d7plx4H1BhnyExSwZ/V9wmNOOPOME75wvx2V9nVNWKha/XCoNU53ySi9V +15U/zdXa2zjCo+8KASWgYqFAipMTa7oCzRLuqbWLc59amMMflRpbfKHAnC4W2L1d +M2HdG4loOh45OFZAenOFAQxAbT5cFhA1jWMDP4jY1X7ivuCV62YaBfqYBILaTps+ +/uutLUq73WMVsCdtwN5Va/2CWplvgFPcwVbpNeGJcjHTsA/ikSuVhNoTeDLfwUck +ZBo67oqwkAHJsKX79PD9eemZqrqHvS9qx0l05ZlRE7dUdq0XY7YCZOREBKnipX7O +RnMXnjSg9oE6I5m02OdPeKy24KthQPFCev+nu6TwgNfvc5AWADanYNf5BnhWRzea +tc0VUoaXaxQtbInFA0E0NfMUVcy6mR9RFYhDCt62xFHp0TDkyaHszBs701Tebxei +tAj40vPD +=U/gC -----END PGP SIGNATURE-----