Add well-known security.txt #9890

New Issue

Closed

opened 2025-11-02 08:52:23 -06:00 by GiteaMirror · 5 comments

GiteaMirror commented 2025-11-02 08:52:23 -06:00

Owner

Copy Link

Originally created by @6543 on GitHub (Nov 25, 2022).

Originally assigned to: @6543 on GitHub.

the security.txt described in RFC 9116 should be signed by giteas bot key and should be able to be overwritten ... like other custom templates.

Originally created by @6543 on GitHub (Nov 25, 2022). Originally assigned to: @6543 on GitHub. the [security.txt](https://securitytxt.org/) described in [RFC 9116](https://www.rfc-editor.org/rfc/rfc9116) should be signed by giteas bot key and should be able to be overwritten ... like other custom templates.

GiteaMirror added the type/feature label 2025-11-02 08:52:23 -06:00

GiteaMirror closed this issue 2025-11-02 08:52:23 -06:00

GiteaMirror commented 2025-11-02 08:52:24 -06:00

Author

Owner

Copy Link

@6543 commented on GitHub (Nov 25, 2022):

easyest way would be to just write a template and add this route ...
... more advanced way would be to write a lib that can generate, parse and validate according, and use the instance gpg key for signing if changes where made ... else use the gpg key of gitea-bot to sign

example:

• https://github.com/.well-known/security.txt
• https://www.google.com/.well-known/security.txt
• https://www.dropbox.com/.well-known/security.txt

@6543 commented on GitHub (Nov 25, 2022): easyest way would be to just write a template and add this route ... ... more advanced way would be to write a lib that can generate, parse and validate according, and use the instance gpg key for signing if changes where made ... else use the gpg key of gitea-bot to sign example: - https://github.com/.well-known/security.txt - https://www.google.com/.well-known/security.txt - https://www.dropbox.com/.well-known/security.txt

GiteaMirror commented 2025-11-02 08:52:24 -06:00

Author

Owner

Copy Link

@caesar commented on GitHub (Nov 25, 2022):

Will it be possible for the insurance admin to opt into also receiving reports, or only by replacing the whole file via the templates mechanism?

@caesar commented on GitHub (Nov 25, 2022): Will it be possible for the insurance admin to opt into also receiving reports, or only by replacing the whole file via the templates mechanism?

GiteaMirror commented 2025-11-02 08:52:24 -06:00

Author

Owner

Copy Link

@silverwind commented on GitHub (Nov 25, 2022):

easyest way would be to just write a template

I'd just expose the individual values as config options. Easier to use than custom templates.

@silverwind commented on GitHub (Nov 25, 2022): > easyest way would be to just write a template I'd just expose the individual values as config options. Easier to use than custom templates.

GiteaMirror commented 2025-11-02 08:52:24 -06:00

Author

Owner

Copy Link

@alex19srv commented on GitHub (Jul 7, 2023):

Hello.
I want to implement this feature. My vision: add app.ini-> security section SECURITY_TXT_FILE optional key with path to security.txt file. If key defined and file does not exist - report failure. If not defined/empty - use hardcoded security.txt value.

The reason for such architecture - .ini files do not support multiline values (and if do support security.txt content need to be written in single line - this is inconvenient). Also separate file allow easy support for signed security.txt file content. In such situation I do not see how "individual values as config options" will work better then bulk hardcoded security.txt + custom file (suggestions are welcome if I missed some usecase).

In My version custom security.txt easily supported also as signed version. Fallback for default value will work in 99% cases.

Excuse my english if something not clear.

@alex19srv commented on GitHub (Jul 7, 2023): Hello. I want to implement this feature. My vision: add `app.ini`-> `security` section `SECURITY_TXT_FILE` optional key with path to `security.txt` file. If key defined and file does not exist - report failure. If not defined/empty - use hardcoded `security.txt` value. The reason for such architecture - `.ini` files do not support multiline values (and if do support security.txt content need to be written in single line - this is inconvenient). Also separate file allow easy support for signed `security.txt` file content. In such situation I do not see how "individual values as config options" will work better then bulk hardcoded `security.txt` + custom file (suggestions are welcome if I missed some usecase). In My version custom `security.txt` easily supported also as signed version. Fallback for default value will work in 99% cases. Excuse my english if something not clear.

GiteaMirror commented 2025-11-02 08:52:24 -06:00

Author

Owner

Copy Link

@wxiaoguang commented on GitHub (Jul 8, 2023):

My suggestion is not adding a new config key.

But make Gitea can read serve files in "CustomPath/web-well-known" as its "http://gitea/.well-known" directory. Then users could add anything they like, not only the "security.txt"

@wxiaoguang commented on GitHub (Jul 8, 2023): My suggestion is not adding a new config key. But make Gitea can read serve files in "CustomPath/web-well-known" as its "http://gitea/.well-known" directory. Then users could add anything they like, not only the "security.txt"

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label type/feature

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#9890