| 27 Nov 2024 |
hexa | implementing well-known security is what is currently missing | 01:40:16 |
hexa | https://en.wikipedia.org/wiki/Security.txt | 01:41:03 |
hexa | https://datatracker.ietf.org/doc/html/rfc9116 | 01:41:15 |
hexa | you kinda went in without a concrete plan | 01:41:41 |
hexa | prior art was linked early on and not acted upon | 01:42:01 |
crertel | I was asking for a plan, and the information you just gave me--which would've been helpful to have on a comment on that PR--is a big help. Thank you! | 01:42:05 |
crertel | There's another philosophical question which is: would it be a good idea to put security right on the navbar? My personal bet is yes, because:
- there was a semi-high-profile kerfuffle earlier this year and not having an obvious single touchpoint seems to have hurt there.
- more generally (outside of internal NixOS stuff), one of the hugely useful things about using NixOS is supply chain integrity and other things of interest to security-conscious users.
| 01:45:33 |