security.txt

[travi]

No reason not to

• https://scotthelme.co.uk/say-hello-to-security-txt/
• https://securitytxt.org/

[kjbrum]

@travi I can get this taken care of, what information needs to be added?

[travi]

so, i'm a little on the fence around how to handle this one with current timing. i'm a little cautious about putting an email in the file in clear text for spam reasons.

ideally, we'd point to our contact page, but we dont have one yet. (i could have sworn that i'd created an issue for that previously, but there is one now. My plan for adding the contact page has been to do so after transitioning to the new site so that it doesnt turn into a rabbit hole that delays the transition.

i'd love to include a public key as well, but i'm not sure what the right answer is there either. we do have a keybase team set up, but i'm not sure if that gives us the option of having a public key that we can distribute that enables the team to decrypt messages. if its available, i didnt find it in the brief looking ive done.

while getting this file in place will be straight forward, it might be a little early to do so.