
Add security policy with PGP keys #1589


Merged
merged 1 commit into from
Jul 5, 2022

Conversation

TheBlueMatt
Collaborator

Closes #1246.

@codecov-commenter

codecov-commenter commented Jul 2, 2022

Codecov Report

Merging #1589 (5506360) into main (f3d5b94) will decrease coverage by 0.01%.
The diff coverage is n/a.

❗ Current head 5506360 differs from pull request most recent head 92919c8. Consider uploading reports for the commit 92919c8 to get more accurate results

@@            Coverage Diff             @@
##             main    #1589      +/-   ##
==========================================
- Coverage   91.07%   91.06%   -0.02%     
==========================================
  Files          80       80              
  Lines       44128    44128              
  Branches    44128    44128              
==========================================
- Hits        40190    40183       -7     
- Misses       3938     3945       +7     
Impacted Files Coverage Δ
lightning/src/ln/payment_tests.rs 98.88% <0.00%> (-0.38%) ⬇️
lightning/src/util/events.rs 41.66% <0.00%> (-0.33%) ⬇️
lightning/src/ln/functional_tests.rs 97.05% <0.00%> (-0.06%) ⬇️


tnull
tnull previously approved these changes Jul 4, 2022
ariard
ariard previously approved these changes Jul 5, 2022

@ariard ariard left a comment


Fingerprint attached to my name is correct.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

commit 0a06a6691dc54b5290e2198db8526eb46ece68ea
Author: Matt Corallo <[email protected]>
Date:   Sat Jul 2 15:29:50 2022 +0000

    Add security policy with PGP keys
    
    Closes #1246.

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..c740a188
- --- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security vulnerabilities, including denial-of-service
+vulnerabilities via email to [email protected].
+
+If possible, please PGP-encrypt such emails to the following keys (available on
+keyservers and WKD via `gpg --auto-key-locate wkd  --locate-external-keys
[email protected] [email protected]`). Please include
+your own public key as an attachment or inline for replies.
+
+ * 07DF3E57A548CCFB7530709189BBB8663E2E65CE (Matt Corallo)
+ * 5DBC576CCCF546CA72AB06CE912EF12EA67705F5 (Jeffrey Czyz)
+ * 729E9D9D92C75A5FBFEEE057B5DD717BEF7CA5B1 (Wilmer Paulino)
+ * BD6EED4D339EDBF7E7CE7F8836153082BDF676FD (Elias Rohrer)
+ * 6E0287D8849AE741E47CC586FD3E106A2CE099B4 (Valentine Wallace)
+ * 69CFEA635D0E6E6F13FD9D9136D932FCAC0305F0 (Arik Sosman)
+ * A5A6868D7AA91DD00AC1A67F817FFA028EF61C94 (Antoine Riard)
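Review bot: the "If possible, please PGP-encrypt such emails" paragraph sends reporters to keyservers and WKD but never tells them to compare the keys they fetch against the fingerprints listed below it. Since the lookup is by email address, a sentence such as "Verify that the located keys match the fingerprints below before encrypting" would state what the list is for. Two style points in the same paragraph: the `gpg --auto-key-locate wkd  --locate-external-keys` command is split across a line break inside inline backticks and has a double space after `wkd`, so it would read better on one line of its own; and a comma is missing after "denial-of-service vulnerabilities" in the first paragraph, where the "including ..." aside ends.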
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

@@ -0,0 +1,20 @@
# Security Policy

Any thinking on how long we are going to backport security fixes? Or do we just advise users to upgrade to latest versions?

Collaborator Author


Yea, good question. I wasn't gonna think about it until 0.1, at least, but we'll have to talk about it when we get there?


Yep, for sure.

tnull
tnull previously approved these changes Jul 5, 2022
@TheBlueMatt TheBlueMatt dismissed stale reviews from tnull and ariard via 92919c8 July 5, 2022 14:25
@TheBlueMatt TheBlueMatt force-pushed the 2022-07-sec-policy branch from 5506360 to 92919c8 Compare July 5, 2022 14:25
@TheBlueMatt
Collaborator Author

Squashed the fixup without changes.

@TheBlueMatt TheBlueMatt merged commit dcc445f into lightningdevkit:main Jul 5, 2022

Successfully merging this pull request may close these issues.

Security Policy