Talk:Security/Guidelines/Web Security

Please take all discussions of issues with these guidelines to our GitHub page. Thank you!

About Contribute.json

The contribute.json is a good idea. The recommendation for linking to it less so. The current text says:

contribute.json is a text file placed within the root directory of a website that describes what it is, where its source exists, what technologies it uses, and how to reach support and contribute. contribute.json is a Mozilla standard used to describe all active Mozilla websites and projects.

This is cluttering the root space of Web sites. By doing this, we basically capture a URI such as http://example.com/contribute.json and make it impossible for other projects to use this URI with other semantics. This is called the Well-Known URIs issue. But there are ways to be a good citizen of the Web, by promoting good practice.

An RFC has been written to mitigate the issue: Defining Well-Known Uniform Resource Identifiers (URIs).

   /.well-known/contribute.json

This comes with an additional constraint:

Well-known URIs are registered on the advice of one or more
Designated Experts (appointed by the IESG or their delegate), with a
Specification Required (using terminology from [RFC5226]). However,
to allow for the allocation of values prior to publication, the
Designated Expert(s) may approve registration once they are satisfied
that such a specification will be published.


I would be happy to help write the spec for it.

The other solution is to use the Link pattern instead:

   Link: </somewhere/contribute.json>; rel="contribute"

In the same way, the value "contribute" would have to be defined.

Karlcow (talk)

---

Karlcow -- there's already a GitHub issue open for this: https://github.com/mozilla/contribute.json/issues/30

Once it gets included as a well-known URI, I will change my recommendation to move it to /.well-known/contribute.json.  :) Apking (talk)
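
The two discovery options discussed in this thread, sketched as an added example that is not part of either comment or of the contribute.json project: a client reads a `Link` header for the proposed `rel="contribute"` relation, then falls back to `/.well-known/contribute.json` and finally to the root location. Neither the relation name nor the well-known suffix is registered, both function names are hypothetical, and dropping cross-origin targets is a policy choice of this example.

```python
import re
from urllib.parse import urljoin, urlsplit

# One link-value: <target> followed by ;name=value parameters (simplified RFC 8288 syntax).
_LINK = re.compile(r'<([^>]*)>((?:\s*;\s*[\w*-]+(?:\s*=\s*(?:"[^"]*"|[^;,\s]+))?)*)')
_PARAM = re.compile(r';\s*([\w*-]+)(?:\s*=\s*(?:"([^"]*)"|([^;,\s]+)))?')


def links_with_rel(header_values, rel, base_url):
    """Return absolute targets of every link whose rel list contains `rel`."""
    found = []
    for value in header_values:
        for target, params in _LINK.findall(value):
            for name, quoted, token in _PARAM.findall(params):
                if name.lower() != "rel":
                    continue
                # rel holds a space-separated, case-insensitive list of relation types.
                if rel in (quoted or token).lower().split():
                    found.append(urljoin(base_url, target))
                break  # only the first rel parameter of a link-value counts
    return found


def candidate_urls(page_url, link_headers, rel="contribute"):
    """Ordered, de-duplicated locations to try for contribute.json."""
    origin = urlsplit(page_url)[:2]  # (scheme, netloc)
    # Assumption of this example: a site may only describe itself, so
    # targets on another origin are ignored rather than fetched.
    advertised = [u for u in links_with_rel(link_headers, rel, page_url)
                  if urlsplit(u)[:2] == origin]
    fallbacks = [urljoin(page_url, "/.well-known/contribute.json"),  # proposed, unregistered
                 urljoin(page_url, "/contribute.json")]              # current root location
    return list(dict.fromkeys(advertised + fallbacks))


if __name__ == "__main__":
    # Constructed header value: an unrelated preload link plus the link from the thread.
    sample = ['<https://example.com/style.css>; rel=preload; as=style, '
              '</somewhere/contribute.json>; rel="contribute"']
    for url in candidate_urls("https://example.com/docs/", sample):
        print(url)
```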