Re: [specification] Interesting new movement to include "security.txt" files in projects

Helio Chissini de Castro

My 2c's

Honestly think that we are starting to overpopulate root project dirs. 
Not only LICENSE anymore, it goes for a number of files and this needs to have more control that what is today.
Just for a few examples:

The list is already crowded and does not have a single common pattern. ( Note that i'm not even dealing with the fact that we have plenty of other files dev related, like linters, etc.. with their own config )

So, saying that, I'm really not against this new file as information is relevant, but we need to push as formal subfolder or similar idea to aggregate all this info. i.e, github put the things under .github, etc..

Having only README on top folder and something called as let's say as example, .project where we keep all this files, even more if some organization or company need to add specifics. 

Then my point is thumbs up for the idea, better start to think on how not to make project codes visually crowded.


On Tue, Mar 21, 2023 at 12:18 PM Steve Kilbane <stephen.kilbane@...> wrote:

Is this JUST for web services? The location section focuses on a fixed URL rather than, say, a location within a source repo. But then, I've barely skimmed the document.


From: specification@... <specification@...> on behalf of Shane Coughlan <scoughlan@...>
Date: Tuesday, 21 March 2023 at 09:02
To: OpenChain Main <main@...>, OpenChain Specification <specification@...>
Subject: [specification] Interesting new movement to include "security.txt" files in projects


Jeff flagged this on our monthly call (2023-03-21);!!A3Ni8CS0y2Y!4oNmnVaJi1ThUDrgRh9uv_JNA453-F3t53lxrZas_EttVsn4Meu5Sekc11vsYinHcOzc-V7xZlKX5iXMiun22KfB2WF-Mz4$

It is like LICENSE files but for security.

What do you think? Have you heard about this? Useful in your workflow?

Join to automatically receive all group messages.