Hi everyone,
When I ran sectxt against securitytxt.org, I noticed that the security.txt file is not validated successfully.
$ curl -LSs https://raw.githubusercontent.com/securitytxt/securitytxt.org/master/.well-known/security.txt | hexyl
┌────────┬─────────────────────────┬─────────────────────────┬────────┬────────┐
│00000000│ 2d 2d 2d 2d 2d 42 45 47 ┊ 49 4e 20 50 47 50 20 53 │-----BEG┊IN PGP S│
│00000010│ 49 47 4e 45 44 20 4d 45 ┊ 53 53 41 47 45 2d 2d 2d │IGNED ME┊SSAGE---│
│00000020│ 2d 2d 0a 48 61 73 68 3a ┊ 20 53 48 41 35 31 32 0a │--_Hash:┊ SHA512_│
[...]
Here you see that the first line ends with \n; but RFC 9116 specifies the cleartext header lines to end in \r\n:
cleartext-header = %s"-----BEGIN PGP SIGNED MESSAGE-----" CRLF
[...]
CRLF = CR LF
My guess is that this happens due to Git, which normalizes newlines. You can ask Git to treat the file as binary using a .gitattributes file.
Please note: this is also true for other lines of the cleartext message, except for the actual cleartext body.
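
The check described in this issue, as an added example that is not part of the original report or of sectxt: it walks a signed security.txt byte by byte and lists every PGP framing line (everything outside the cleartext body) that ends in a bare LF. The function name, the state tracking and the sample file are constructed for illustration.

```python
# Added example: find PGP cleartext framing lines terminated by LF instead of CRLF.
BEGIN_MSG = b"-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = b"-----BEGIN PGP SIGNATURE-----"

# Constructed sample with LF-only endings, as a newline-normalized copy would have.
SAMPLE_LF = (
    b"-----BEGIN PGP SIGNED MESSAGE-----\n"
    b"Hash: SHA512\n"
    b"\n"
    b"Contact: mailto:security@example.com\n"
    b"Expires: 2030-01-01T00:00:00.000Z\n"
    b"-----BEGIN PGP SIGNATURE-----\n"
    b"\n"
    b"Q09OU1RSVUNURUQ=\n"  # placeholder, not a real signature
    b"-----END PGP SIGNATURE-----\n"
)


def bare_lf_framing_lines(data: bytes):
    """Return [(line_number, text)] for lines outside the cleartext body
    that end in LF without a preceding CR. Unsigned files yield []."""
    findings = []
    state = "start"  # start -> headers -> body -> signature
    pieces = data.split(b"\n")
    pieces.pop()  # drop what follows the final LF (an unterminated tail is not checked)
    for number, piece in enumerate(pieces, start=1):
        has_cr = piece.endswith(b"\r")
        content = piece[:-1] if has_cr else piece
        # Body lines may end in LF or CRLF, so they are exempt from the check.
        in_body = state == "body" and content != BEGIN_SIG
        if state == "start" and content == BEGIN_MSG:
            state = "headers"
        elif state == "headers" and content == b"":
            state = "body"  # the blank line closes the Hash: headers
        elif state == "body" and content == BEGIN_SIG:
            state = "signature"
        if state != "start" and not in_body and not has_cr:
            findings.append((number, content.decode("ascii", "replace")))
    return findings


if __name__ == "__main__":
    for number, text in bare_lf_framing_lines(SAMPLE_LF):
        print(f"line {number}: bare LF after {text!r}")
```

If Git newline handling is the cause, as the issue guesses, a `.gitattributes` entry marking the file `binary` or `-text` stops Git from converting its line endings.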