I was recently reading RFC-9116, which specifies that a text-based document defining contact addresses for security reporting be defined in the .well-known subdirectory.
I’d love to see support for something like this to be auto-generated for domains. Where can I submit this as a request?
This is a public, open project - the code lives at https://github.com/mail-in-a-box/mailinabox. So you, or anyone, makes a change (to their own copy) and then submits a pull-request to have the change merged into the next revision 
I’m not aware of anyone using these security.txt files for anything, so, unless I’m wrong, I probably would not accept that for Mail-in-a-Box. Which isn’t to say it’s a bad idea, but there’s no upside.
This is reasonable. I suppose if I want it, I can just make it by hand and publish it!
This topic was automatically closed after 61 days. New replies are no longer allowed.