Maniphest T406040

provide security.txt: information for security researchers
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	dena
	Sep 30 2025, 2:45 PM

Tags

Referenced Files

None

Subscribers

Description

On wikibase.cloud wikis a robots.txt gets served, in order to express expected behaviour of scripts and bots with good intentions.

Similarly, on the web there exists a generally known place where to look for contact details for ethical security researchers: security.txt

Required are at least two fields:

a contact email address
an expiry date for the provided information

more information: https://securitytxt.org/

helpful links:

ACs:

relevant information can be accessed via HTTPS in plaintext
- for the platform UI
  - https://wikibase.cloud/security.txt
  - https://wikibase.cloud/.well-known/security.txt
- for hosted wikis
  - (example) https://coffeebase.wikibase.cloud/security.txt
  - (example) https://coffeebase.wikibase.cloud/.well-known/security.txt
- for hosted wikis with custom domains
  - (example) https://wikibae.de/security.txt
  - (example) https://wikibae.de/.well-known/security.txt

Related Objects

Mentioned Here: T187617: Add security.txt to Wikimedia sites?
T337949: Add security.txt to Wikimedia sites? (2023 edition)

Event Timeline

dena created this task.Sep 30 2025, 2:45 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 30 2025, 2:45 PM

Reedy added a project: Security.Sep 30 2025, 7:24 PM

See also: T187617: Add security.txt to Wikimedia sites?, T337949: Add security.txt to Wikimedia sites? (2023 edition).