Skip to content

.well-known/security.txt: Implement RFC 9116#156

Merged
miri64 merged 2 commits intoRIOT-OS:masterfrom
maribu:RFC9116
Jan 13, 2026
Merged

.well-known/security.txt: Implement RFC 9116#156
miri64 merged 2 commits intoRIOT-OS:masterfrom
maribu:RFC9116

Conversation

@maribu
Copy link
Copy Markdown
Member

@maribu maribu commented Jan 12, 2026

This provides the contact details for reporting security findings as per RFC 9116.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Jan 12, 2026
edited
Loading

🚀 PR preview deployed to https://RIOT-OS-riot-os-org-preview-156.surge.sh

@maribu
Copy link
Copy Markdown
Member Author

maribu commented Jan 12, 2026

Not working as naively expected 😦

https://riot-os-riot-os-org-preview-156.surge.sh/.well-known/security.txt

Teufelchen1
Teufelchen1 reviewed Jan 12, 2026
View reviewed changes
miri64
miri64 reviewed Jan 12, 2026
View reviewed changes
@miri64
Copy link
Copy Markdown
Member

miri64 commented Jan 13, 2026

https://riot-os-riot-os-org-preview-156.surge.sh/.well-known/security.txt

Still 404. Is that also in a local setup?

@miri64
Copy link
Copy Markdown
Member

miri64 commented Jan 13, 2026

(might be that surge just not allows for .well-known to be exposed)

@maribu
Copy link
Copy Markdown
Member Author

maribu commented Jan 13, 2026

It is also not in the zip artifact. So I would assume it does not work. But I have no idea who jekyll works :/

@miri64
Copy link
Copy Markdown
Member

miri64 commented Jan 13, 2026

https://riot-os-riot-os-org-preview-156.surge.sh/.well-known/security.txt

Still 404. Is that also in a local setup?

Yes, at least it works with make serve for me (if all dependencies are properly installed).

@maribu
Copy link
Copy Markdown
Member Author

maribu commented Jan 13, 2026

OK, so squash, merge, and hope for the best?

maribu and others added 2 commits January 13, 2026 11:45
@maribu @Teufelchen1 @miri64
.well-known/security.txt: Implement RFC 9116
400764f 
This provides the contact details for reporting security findings as
per [RFC 9116][].

[RFC 9116]: https://datatracker.ietf.org/doc/html/rfc9116

Co-authored-by: Teufelchen <9516484+Teufelchen1@users.noreply.github.com>
Co-authored-by: Martine Lenders <martine.lenders@tu-dresden.de>
@maribu
_tools: add missing maintainers initialization
9508a94 
In the "no requests" branch, the `maintainers` variable was not
initialized. This fixes it.
@miri64
Copy link
Copy Markdown
Member

miri64 commented Jan 13, 2026

OK, so squash, merge, and hope for the best?

Might be, that Githubs upload-artifact action just ignores hidden files. For deployment rsync of _site is used, so let's see.

@miri64 miri64 merged commit 9487f32 into RIOT-OS:master Jan 13, 2026
1 check passed
@maribu maribu deleted the RFC9116 branch January 13, 2026 10:49
@maribu
Copy link
Copy Markdown
Member Author

maribu commented Jan 13, 2026

It worked 🎉

@miri64 miri64 mentioned this pull request Jan 13, 2026
Merged
@miri64
Copy link
Copy Markdown
Member

miri64 commented Jan 13, 2026

From #156 (comment)

Why isn't this in at guide.riot-os.org, too, anyway?

See RIOT-OS/RIOT#21983

@miri64 miri64 mentioned this pull request Jan 13, 2026
Merged
@miri64 miri64 mentioned this pull request Feb 5, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@miri64 miri64 miri64 approved these changes

+1 more reviewer

@Teufelchen1 Teufelchen1 Teufelchen1 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@maribu @miri64 @Teufelchen1