Add a security.txt file to php.net (#816)
This file implements the standard defined in RFC 9116 for a
machine-parsable format to aid in security vulnerability disclosure.

Of note:

1. We must include an Expires field, which the RFC suggests should be
   less than a year in the future. I have set it for the assumed date
   for GA of PHP 8.4/9.0. I recommend we update the expires time each
   year on this date, since it's already a date of significance for us.

2. I have signed it with my php.net release manager key. Since we
   publish our release manager keys, I'm recommending that a release
   manager for a currently supported version of PHP (at the time) be the
   one to digitally sign this file after making changes.

For more details about security.txt, see:

- https://securitytxt.org
- https://www.rfc-editor.org/rfc/rfc9116
ramsey authored Oct 5, 2023
1 parent 390ad10 commit 8cb5364
Showing 1 changed file with 31 additions and 0 deletions.
31 changes: 31 additions & 0 deletions .well-known/security.txt
@@ -0,0 +1,31 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: https://github.com/php/php-src/security/advisories/new
Contact: mailto:[email protected]
Expires: 2024-11-28T11:59:59.999Z
Preferred-Languages: en
Canonical: https://www.php.net/.well-known/security.txt
Policy: https://github.com/php/php-src/security/policy

# Signed by Ben Ramsey <[email protected]> on 2023-09-29.

# For instructions on how to update this file, read
# <https://github.com/php/php-src/blob/master/docs/security-policies.md#making-changes-to-securitytxt>
-----BEGIN PGP SIGNATURE-----
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=CJdS
-----END PGP SIGNATURE-----
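
Review bot: The Expires value 2024-11-28T11:59:59.999Z is roughly fourteen months after the 2023-09-29 signing date recorded in the file's own comment, which is longer than the "less than a year" window the commit message cites from the RFC. Consider an expiry within twelve months of signing, or say in the linked update instructions why the longer window is accepted. The time of day also ends just before noon UTC; if end of day was intended, 23:59:59Z would express that. Because the file is clear-signed, changing the Expires line means re-signing the whole file, so it is cheaper to settle the value before merge.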
