Add security.txt

Add a security.txt to Whonix's domains?

In short: To make it easier for security researchers to find how to report security vulnerabilities.

Could easily be generated at: securitytxt.org


I am tending to think no. Not seeing the upside here. It adds maintenance effort for something that has low usage, which I might forget to update.

Seems pretty theoretical that a security bug reporter would fail to perform a web search “whonix contact” or “whonix contact security” and not find it.

I see, but just to keep it simple, you could just add the Contact - Whonix link to it, maybe your mail too, and skip the PGP part. Then it shouldn’t be harder than maintaining robots.txt imho. See: https://detecitfy.com/.well-known/security.txt for inspiration.

I still think Whonix should encourage the use of security.txt

Btw, a search generates metadata too.

I like the KISS principle: Keep it simple, stupid.

