
Security.txt
Closed, Duplicate · Public

Description

Hi,

I have a suggestion: Add a security.txt file to all Wikimedia Foundation projects.

For example: https://www.mediawiki.org/.well-known/security.txt & https://he.wikipedia.org/.well-known/security.txt.

This is important because, in the current situation, if a security researcher wants to report a security breach, he should look for [[foundationsite:about/contact/|us]] himself, instead of us being easy on him - for our benefit.

What do you think? 🙂

מקף־ (Hyphen)

Event Timeline

Restricted Application added a subscriber: Aklapper.
Hyphen updated the task description.

Thank you for your hint. I think it should be considered.

  • It needs to be investigated whether this is common practice today and we should provide that. Basically a “webmaster” is to be contacted somehow.
  • The individual page is not affected, but a single file per WMF subdomain or just domain could be accessed which may all be redirected to the one and only place specifying an e-mail address and perhaps Phabricator security report procedure.
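
An added example, not part of the original task or its comments: a small Python check that a served `security.txt` meets the basic RFC 9116 rules (at least one `Contact`, exactly one `Expires` that is still in the future, URI-valued fields, no plain `http://` links). The sample files, the `example.org` addresses and the fixed clock value are constructed for illustration, and the check assumes an unsigned file.

```python
from datetime import datetime, timezone

# Fields whose value must be a URI, and fields that may appear at most once (RFC 9116).
URI_FIELDS = {"acknowledgments", "canonical", "contact", "encryption", "hiring", "policy"}
ONCE = ("expires", "preferred-languages")

def parse_security_txt(text):
    """Return (lower-cased field name, value) pairs, skipping comments and blank lines."""
    fields = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            fields.append((name.strip().lower(), value.strip()))
    return fields

def validate(text, now=None):
    """Return a list of problems; an empty list means the basic checks pass."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    names = [n for n, _ in fields]
    problems = [f"missing {n}" for n in ("contact", "expires") if n not in names]
    problems += [f"{n} appears more than once" for n in ONCE if names.count(n) > 1]
    for name, value in fields:
        if name in URI_FIELDS and ":" not in value:
            problems.append(f"{name} is not a URI (e.g. mailto: or https:)")
        elif name in URI_FIELDS and value.lower().startswith("http://"):
            problems.append(f"{name} uses http:// instead of https://")
        elif name == "expires":
            try:
                if datetime.fromisoformat(value.replace("Z", "+00:00")) <= now:
                    problems.append("expires is in the past")
            except (ValueError, TypeError):  # unparsable, or no UTC offset given
                problems.append("expires is not a valid timestamp with offset")
    return problems

# Constructed samples: one well-formed file and one with typical mistakes.
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
GOOD = """# constructed sample
Contact: mailto:security@example.org
Contact: https://example.org/security-report
Expires: 2030-01-01T00:00:00Z
Preferred-Languages: en, he
Canonical: https://example.org/.well-known/security.txt
"""
BAD = """Contact: security@example.org
Policy: http://example.org/policy
Expires: 2020-01-01T00:00:00Z
"""

if __name__ == "__main__":
    print(validate(GOOD, SAMPLE_NOW), validate(BAD, SAMPLE_NOW))
```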