From 0cdbef74f0d29e94040b5ad52053dd49cd70bc3b Mon Sep 17 00:00:00 2001 From: Mathieu Fenniak Date: Sun, 10 May 2026 02:21:17 +0200 Subject: [PATCH] chore: PGP sign .well-known/security.txt [skip ci] (#12502) Sign the distributed version of `.well-known/security.txt`, just like https://forgejo.org/.well-known/security.txt is signed. ``` $ gpg --verify ./security.txt gpg: Signature made Sat 09 May 2026 05:59:29 PM MDT gpg: using EDDSA key 1B638BDF10969D627926B8D9F585D0F99E1FB56F gpg: Good signature from "Forgejo Security " [unknown] Primary key fingerprint: 1B63 8BDF 1096 9D62 7926 B8D9 F585 D0F9 9E1F B56F ``` In the future this signature will have to be updated before the key expires; but as the expiry is already documented in the file this isn't significantly different than the current state. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12502 Reviewed-by: Gusted --- public/.well-known/security.txt | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/public/.well-known/security.txt b/public/.well-known/security.txt index 1e148b001f..d15de1abcc 100644 --- a/public/.well-known/security.txt +++ b/public/.well-known/security.txt @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + # This site is running a Forgejo instance. # Forgejo-related security problems should be reported to the Forgejo security team. # Security problems related to this instance should be reported to its administration. @@ -6,3 +9,11 @@ Contact: mailto:security@forgejo.org Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/1B638BDF10969D627926B8D9F585D0F99E1FB56F Preferred-Languages: en Expires: 2027-06-09T23:59:59.000Z + +-----BEGIN PGP SIGNATURE----- + +iHUEARYKAB0WIQQbY4vfEJadYnkmuNn1hdD5nh+1bwUCaf/KYQAKCRD1hdD5nh+1 +b37sAPsF31EEYpvm21M88Kxjv/YOOJlP2xV94Q94JoYzh5iFqgD/X/1HHOBJHDvc +YR0b3rrGDFxhSl32BOnHF0yuZO8Nugw= +=sEiA +-----END PGP SIGNATURE-----