Add a security.txt to Whonix's domains?
In short: For security researchers to more easily find how to report security vulnerabilities.
Could easily be generated at: securitytxt.org
I am tending to think no. Not seeing the upside here. Something that adds maintenance effort for something that has low usage, which I might forget to update.
Seems pretty theoretical that a security bug reporter would fail to perform a web search “whonix contact” or “whonix contact security” and not find it.
I see, but just to keep it simple, you could just add the: Contact - Whonix link to it, maybe your mail too and skip the PGP part. Then it shouldn’t be harder than maintaining robots.txt imho. See: https://detecitfy.com/.well-known/security.txt for inspiration
I still think Whonix should encourage the use of security.txt
Btw, a search generates metadata too.
I like the KISS principle: Keep it simple, stupid.