Comments (6)
Apologies for the late feedback on this -- but it seems misguided to allow values that don't adhere to an existing RFC. I understand the argument for ease of use, but I'd argue that ease of parsing against known RFCs should hold precedent in the specification itself. There are specs already, like humans.txt that are designed for 'ease of human use', so I'd vote for rigidity and technical cleanliness over trying to squeeze unstructured data into this directive.
from security-txt.
I think I can shed a bit of light into that decision - we did in fact toy with that very idea.
The main result of that conversation, however, was that people are free to use tel and mailto prefixes as they're valid URIs, but we wanted it to be easier for humans to read and write the files - and we thought that email addresses and phone numbers tend to read more naturally without the prefixes.
In writing a couple of parser implementations I determined it to not be too much extra effort to allow the prefixless phone numbers and email addresses, so it made it into the spec as a balance of "usability" and "not making parsing too difficult".
from security-txt.
Got it, I am adding some language clarifying this to the draft.
from security-txt.
Good idea! :)
from security-txt.
Since security.txt is intended to be parsable by programs, the readability is not so important. Simplifying the grammar by just defining the value as a URI would be more homogeneous, and would allow other ways to contact people such as XMPP.
from security-txt.
Done: #81.
from security-txt.
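Added example, not part of the thread and not the security-txt project's code: a Contact-value normalizer that contrasts the two positions discussed above, lenient acceptance of prefixless email addresses and phone numbers versus a URI-only grammar. The regular expressions are simplified assumptions, the function names are hypothetical, and the sample file is constructed.

```python
import re

# Simplified patterns chosen for this example (assumptions, not the draft's grammar).
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):(.+)$")
EMAIL_RE = re.compile(r"^[^@\s:]+@[^@\s:]+\.[^@\s:]+$")
PHONE_RE = re.compile(r"^\+?[0-9][0-9 ().-]{5,}$")

# Constructed sample file, not taken from the page.
SAMPLE = """\
# constructed sample
Contact: security@example.com
Contact: +1 201 555 0123
Contact: mailto:psirt@example.com
Contact: xmpp:security@example.com
Contact: call us maybe
"""


def normalize_contact(value, strict=False):
    """Return a URI for one Contact value, or raise ValueError.

    strict=False accepts prefixless email addresses and phone numbers;
    strict=True accepts only values that already carry a URI scheme.
    """
    value = value.strip()
    m = SCHEME_RE.match(value)
    if m:
        return m.group(1).lower() + ":" + m.group(2)
    if strict:
        raise ValueError("not a URI: %r" % value)
    if EMAIL_RE.match(value):
        return "mailto:" + value
    if PHONE_RE.match(value):
        return "tel:" + value.replace(" ", "")  # tel URIs cannot contain spaces
    raise ValueError("unrecognised Contact value: %r" % value)


def contacts(text, strict=False):
    """Return (normalized URIs, rejected raw values) for every Contact line."""
    ok, bad = [], []
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "contact":
            continue
        try:
            ok.append(normalize_contact(value, strict))
        except ValueError:
            bad.append(value.strip())
    return ok, bad
```

In lenient mode the parser has to guess the kind of value from its shape, which is the extra parsing work the thread weighs against readability; in strict mode the scheme carries that information and `xmpp:` needs no special handling.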