aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--SECURITY.md2
-rw-r--r--config/default.yaml2
-rw-r--r--config/production.yaml.example2
3 files changed, 3 insertions, 3 deletions
diff --git a/SECURITY.md b/SECURITY.md
index 37ed19246..5c668a2a3 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -30,7 +30,7 @@ To encourage vulnerability research and to avoid any confusion between good-fait
30- Avoid violating the privacy of others, disrupting our systems, destroying data, and/or harming user experience. 30- Avoid violating the privacy of others, disrupting our systems, destroying data, and/or harming user experience.
31- Use only the Official Channels to discuss vulnerability information with us. 31- Use only the Official Channels to discuss vulnerability information with us.
32- Keep the details of any discovered vulnerabilities confidential until they are fixed, according to the Disclosure Terms in this policy. 32- Keep the details of any discovered vulnerabilities confidential until they are fixed, according to the Disclosure Terms in this policy.
33- Perform testing only on in-scope systems, and respect systems and activities which are out-of-scope. 33- Perform testing only on in-scope systems, and respect systems and activities which are out-of-scope. Systems currently considered in-scope are the official demonstration/test servers provided by the PeerTube development team.
34- If a vulnerability provides unintended access to data: Limit the amount of data you access to the minimum required for effectively demonstrating a Proof of Concept; and cease testing and submit a report immediately if you encounter any user data during testing, such as Personally Identifiable Information (PII), Personal Healthcare Information (PHI), credit card data, or proprietary information. 34- If a vulnerability provides unintended access to data: Limit the amount of data you access to the minimum required for effectively demonstrating a Proof of Concept; and cease testing and submit a report immediately if you encounter any user data during testing, such as Personally Identifiable Information (PII), Personal Healthcare Information (PHI), credit card data, or proprietary information.
35- You should only interact with test accounts you own or with explicit permission from the account holder. 35- You should only interact with test accounts you own or with explicit permission from the account holder.
36- Do not engage in extortion. 36- Do not engage in extortion.
diff --git a/config/default.yaml b/config/default.yaml
index adac9deeb..ab07bfedd 100644
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -142,7 +142,7 @@ instance:
142 # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:' 142 # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:'
143 robots: | 143 robots: |
144 User-agent: * 144 User-agent: *
145 Disallow: '' 145 Disallow:
146 # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string. 146 # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
147 securitytxt: 147 securitytxt:
148 "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" 148 "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
diff --git a/config/production.yaml.example b/config/production.yaml.example
index ca7b936c2..f9557b8eb 100644
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -156,7 +156,7 @@ instance:
156 # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:' 156 # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:'
157 robots: | 157 robots: |
158 User-agent: * 158 User-agent: *
159 Disallow: '' 159 Disallow:
160 # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string. 160 # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
161 securitytxt: 161 securitytxt:
162 "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" 162 "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"