Skip to content

Commit

Permalink
SECURITY.md: Tell them to spam me, and include our GPG fingerprints.
Browse files Browse the repository at this point in the history
Added Alex since he's Release Captain this time.

Changelog-Added: SECURITY.md: Where to send sensitive bug reports, and dev GPG fingerprints.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
  • Loading branch information
rustyrussell committed Feb 6, 2023
1 parent 4560781 commit ef9a3a6
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# Security Policy

## Supported Versions

We have a 3 month release cycle, and the last two versions are supported.

## Reporting a Vulnerability

To report security issues send an email to rusty@rustcorp.com.au, or
security@bockstream.com (not for support).

## Signatures For Releases

The following keys may be used to communicate sensitive information to
developers, and to validate signatures on releases:

| Name | Fingerprint |
|------|-------------|
| Rusty Russell | 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 |
| Christian Decker | B731 AAC5 21B0 1385 9313 F674 A26D 6D9F E088 ED58 |
| Lisa Neigut | 30DE 693A E0DE 9E37 B3E7 EB6B BFF0 F678 10C1 EED1 |
| Alex Myers | 0437 4E42 789B BBA9 462E 4767 F3BF 63F2 7474 36AB |

You can import a key by running the following command with that individual’s fingerprint: `gpg --keyserver hkps://keys.openpgp.org --recv-keys "<fingerprint>"` Ensure that you put quotes around fingerprints containing spaces.

0 comments on commit ef9a3a6

Please sign in to comment.