Add security.txt and related files #79
base: develop
This is the signing key for security.txt and the key that researchers can encrypt to if they feel the need to keep communication secret. The private (secret) key is stored in Keybase.io in the newhavenio.admins team, where only a select few members have access and that membership list can be adjusted over time.
This is based on the template provided by https://securitytxt.org
This is an optional idea but highly encouraged by the specifications.
I copied the policy I have on my static blog site https://tritarget.org/#Privacy%20Policy
| We would like to thank the following for their generous contributions to this | ||
| site: | ||
|
|
||
| * [@sukima](https://tritarget.org/) |
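Review bot: the intro line thanks people for "contributions to this site", but the Acknowledgments field in security.txt is meant to link to a page that recognizes security researchers for their reports. Reword the sentence so the page reads as security acknowledgements, or keep general contributor credit on a separate page.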
pats himself on the back, eh?
Well, TBH a name there looked better than `* TODO: Put something here.` But yeah. Shameless self promotion. 😊
The Acknowledgement page is optional and in this simple case is likely overkill. With the possibility of PR #101 this also becomes redundant and more maintenance overhead. I think I should reevaluate this PR.
| title: Privacy Policy | ||
| --- | ||
|
|
||
| If you require any more information or have any questions about our privacy policy, please feel free to [contact us by email][ContactInfo]. |
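Review bot: on the last line, `[ContactInfo]` is a reference-style link and its definition is not among the lines shown. Confirm the label is defined in this file and resolves to the same address as the Contact line in security.txt, so the two cannot drift apart.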
@jnimety @lourinaldi @ZachBeta we should review this text
If this copy is used there should be a section concerning the Meetup.com API and our use of it.
Agreed that we should review the text. @sukima, I'm guessing this is a template? What's the source?
@danbernier I copy/pasta it from my personal static blog site. I think I google searched for some template. But it looks like I didn't log the original source when I made mine.
The content here was intended to be a placeholder or simply to get things started.
Is the GPG signature and public key needed? Is it worth having?
Closes #73
Using the security.txt draft spec this PR creates a signed `security.txt` file along with associated acknowledgements and privacy policy pages.

The public key was generated using GnuPG and its associated private key was saved to Keybase.io in the newhavenio.admins team where only a select few members have access and that membership list can be adjusted over time.
The acknowledgements, privacy policy, and PGP key are optional which means they can be removed. I split each out so we can drop the commits if we wish (sans the security.txt which is an easy amend). I included all the features as a kick-start for either inclusion/refinement or discussion.
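Added example, not code from this PR or the project: a linter that unwraps a cleartext-signed `security.txt` and reports its fields, so the effect of dropping the optional Encryption, Acknowledgments and Policy lines can be checked. It assumes the RFC 9116 field names and requirements rather than the draft the PR followed; the sample file, its example.org URLs and the signature body are constructed placeholders, and signature verification itself is left to `gpg --verify`.

```python
from datetime import datetime

SIGNED_START = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_START = "-----BEGIN PGP SIGNATURE-----"
REQUIRED = ("contact", "expires")  # RFC 9116 field names (assumed spec version)
URI_FIELDS = ("contact", "encryption", "acknowledgments", "policy")
# Constructed sample: example.org URLs and the signature body are placeholders.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@example.org
Expires: 2030-01-01T00:00:00Z
Encryption: https://example.org/pgp-key.txt
Acknowledgments: https://example.org/acknowledgements
Policy: https://example.org/privacy
-----BEGIN PGP SIGNATURE-----

placeholder-not-a-real-signature
-----END PGP SIGNATURE-----
"""

def parse_time(value):  # fromisoformat() before Python 3.11 rejects a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def unwrap(text):
    """Strip OpenPGP cleartext framing; parses only, does NOT verify the signature."""
    lines = text.splitlines()
    if not lines or lines[0] != SIGNED_START:
        return lines, False
    if "" not in lines or SIG_START not in lines:
        raise ValueError("truncated cleartext-signed file")
    body = lines[lines.index("") + 1:lines.index(SIG_START)]
    # Undo dash-escaping: the signer prefixes "- " to lines that start with "-".
    return [l[2:] if l.startswith("- ") else l for l in body], True

def lint(text, now):
    """Return (fields, is_signed, problems); `now` is an RFC 3339 timestamp string."""
    body, signed = unwrap(text)
    fields, problems = {}, []
    for line in body:
        name, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            fields.setdefault(name.strip().lower(), []).append(value.strip())
    problems += [f"missing required field: {k}" for k in REQUIRED if k not in fields]
    for key in URI_FIELDS:
        problems += [f"{key} must use https: {v}" for v in fields.get(key, []) if v.startswith("http://")]
    if any(parse_time(v) <= parse_time(now) for v in fields.get("expires", [])):
        problems.append("expired")
    return fields, signed, problems
```

A file with only Contact and Expires and no signature passes the same checks, which matches the PR's point that the other pieces can be dropped.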