This repository has been archived by the owner on Jul 4, 2023. It is now read-only.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#25131
Why
Draft
Version 4 still has some nits and expires in January 2019.
There's an (incomplete) validator written in Go.
Comments
Encryption: There are several options (see RFC url above). The key may be made available on the Torproject website (for example torproject.org/about/torproject.asc or torproject.org/.well-known/torproject-public-key.asc), be referenced as above or with dns:...
Policy: the current security policy is a draft and should be published in a (signed) blog post (#5489) and linked from torproject.org/about/contact#security
Hiring: it could help the Torproject to always have an open position for security researchers
Signature: To signing the deb.torproject.org archive signing key (8B904624C5A28654E4539BC2E135A8B41A7BF184) can be used. The standard states:
Adoption
who else?
404
The rails team decided against this practice and uses https://guides.rubyonrails.org/security.html instead (which is something else but also nice to have).
:)
Next
https://eff.org/.well-known/dnt-policy.txt
other .well-known URIs