Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:121172
Return-Path: <php@golemon.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 15510 invoked from network); 29 Sep 2023 13:42:37 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 29 Sep 2023 13:42:37 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 0BF731804C1
	for <internals@lists.php.net>; Fri, 29 Sep 2023 06:42:37 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: *
X-Spam-Status: No, score=1.3 required=5.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <php@golemon.com>
Received: from mail-qk1-f182.google.com (mail-qk1-f182.google.com [209.85.222.182])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Fri, 29 Sep 2023 06:42:36 -0700 (PDT)
Received: by mail-qk1-f182.google.com with SMTP id af79cd13be357-77409065623so894039185a.0
        for <internals@lists.php.net>; Fri, 29 Sep 2023 06:42:36 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1695994956; x=1696599756;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=kBeOf/ak94o4oFOvDjM0r2p3nv5ylBQX1dUqMnVULuo=;
        b=MBhY/+brg1uudEZfcoiOkXrgupmMSF+uC0bU1jFQ8cJAgM7Ogh8NSmPi8XXwjdNPFc
         7Mh81Crh+zmzt3ofRpwY9K+utkzB/hLmSYQ1729CTdLewNP6Te6Mn95F/otOdkUW8Hj5
         akE/zg3NlGzG9RwtXaLvYz4StHNjE6xgXWZBCFclnOy7zQaNprU4keW3y9b1K/6zigHm
         K0vLDDH18FY7PTC4To/QSK043CJ/VEYzwN3+C5sA/AXmCKAsn7gIVr6TinvZ8KP1LOEm
         Wa9ooCzyyFuM+3ERSi2bvHh0gDx+EQd6FF49+eKY9enXEDtH8XbYpPc/XtkoBw4tmkvy
         P1uw==
X-Gm-Message-State: AOJu0YwnX823fDqK6qgb87RnpqVaz7kAvMvHD8dP8UibyT8DfUr0bcXn
	ksu0C4cd8YcXmM9qvS4wOjG9avYRibBxJcW5O+QyF0vyrZ36RKEq
X-Google-Smtp-Source: AGHT+IFyt0ILDNSxhqXj3mhjq7EkOwem04SToU01hiXUjQCtVJ+OINyNXphxrenwSsWZNPZVndy9Z41oEjstPEMA3D0=
X-Received: by 2002:ac8:5712:0:b0:417:c16a:c2c9 with SMTP id
 18-20020ac85712000000b00417c16ac2c9mr5323060qtw.62.1695994955889; Fri, 29 Sep
 2023 06:42:35 -0700 (PDT)
MIME-Version: 1.0
References: <79C36252-921C-4D4C-9B1F-286DD5ABCBCA@php.net> <6515fc31.810a0220.69302.df44SMTPIN_ADDED_MISSING@mx.google.com>
In-Reply-To: <6515fc31.810a0220.69302.df44SMTPIN_ADDED_MISSING@mx.google.com>
Date: Fri, 29 Sep 2023 08:42:25 -0500
Message-ID: <CAESVnVq_FaEnjMtya89iG4MVnbF3DHdnX-_AUxod+XcRRMqK6Q@mail.gmail.com>
To: Ben Ramsey <ramsey@php.net>
Cc: internals@lists.php.net
Content-Type: multipart/alternative; boundary="000000000000e3132806067f98e6"
Subject: Re: [PHP-DEV] Add security.txt file to php.net
From: pollita@php.net (Sara Golemon)

--000000000000e3132806067f98e6
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Sep 28, 2023 at 5:20=E2=80=AFPM Ben Ramsey <ramsey@php.net> wrote:
> I've added documentation inline in the security.txt file
>

To add some nitpicky bikeshedding, I'd put those instructions elsewhere
(maybe php-src:docs/release-process.md ?) and only have a single line in
the security.txt file referring out to that.  The focus of the security.txt
file should BE the metadata.

+1 on the concept, and I do like the idea of making it part of the new
branch release process as well as having one of the new RMs being the ones
to sign it.

-Sara

--000000000000e3132806067f98e6--