dash/SECURITY.md

# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 0.17    | :white_check_mark: |
| 0.16    | :white_check_mark: |
| < 0.16  | :x:                |

## Reporting a Vulnerability

To report security issues send an email to security@dash.org (not for support).

The following keys may be used to communicate sensitive information to developers:

| Name | Fingerprint |
|------|-------------|
| UdjinM6 | 3F5D 48C9 F002 93CD 365A 3A98 8359 2BD1 400D 58D9 |
| Pasta | 2959 0362 EC87 8A81 FD3C 202B 5252 7BED ABE8 7984 |

You can import a key by running the following command with that individual’s fingerprint: `gpg --keyserver hkps://keys.openpgp.org --recv-keys "<fingerprint>"` Ensure that you put quotes around fingerprints containing spaces.
-												Merge #16140: docs: create security policy

fdd7fa19a docs: create security policy (Neha Narula)

Pull request description:

  Github has started supporting SECURITY.md to contain a project's
  security policy. Right now, the only place to find this project's
  security contact is on bitcoincore.org. Adding this information to the
  repository makes it easier to find as SECURITY.md becomes a standard.

  This is copied almost exactly from https://bitcoincore.org/en/contact/
  and based on conversations with EthanHeilman.

ACKs for commit fdd7fa:
  laanwj:
    ACK fdd7fa19a9fdc6f15208280201e0ce186e35a9c8

Tree-SHA512: 9d6b93d10fff6e9c7a5cb6d8c1f0660623cd7a015abac7738f2aa9d141075456e71612b830eb5c707275529e2099fb41a44c531e29d821c9d2857d22241a91c3

											
										
										
											2019-06-05 15:30:17 +02:00
+								# Security Policy
 								## Supported Versions
 								| Version | Supported          |
 								| ------- | ------------------ |
 								| 0.17    | :white_check_mark: |
 								| 0.16    | :white_check_mark: |
-												docs: Adjust SECURITY.md

											
										
										
											2021-07-13 01:13:35 +02:00
+								| < 0.16  | :x:                |
-												Merge #16140: docs: create security policy

fdd7fa19a docs: create security policy (Neha Narula)

Pull request description:

  Github has started supporting SECURITY.md to contain a project's
  security policy. Right now, the only place to find this project's
  security contact is on bitcoincore.org. Adding this information to the
  repository makes it easier to find as SECURITY.md becomes a standard.

  This is copied almost exactly from https://bitcoincore.org/en/contact/
  and based on conversations with EthanHeilman.

ACKs for commit fdd7fa:
  laanwj:
    ACK fdd7fa19a9fdc6f15208280201e0ce186e35a9c8

Tree-SHA512: 9d6b93d10fff6e9c7a5cb6d8c1f0660623cd7a015abac7738f2aa9d141075456e71612b830eb5c707275529e2099fb41a44c531e29d821c9d2857d22241a91c3

											
										
										
											2019-06-05 15:30:17 +02:00
 								## Reporting a Vulnerability
-												docs: Adjust SECURITY.md

											
										
										
											2021-07-13 01:13:35 +02:00
+								To report security issues send an email to security@dash.org (not for support).
-												Merge #16140: docs: create security policy

fdd7fa19a docs: create security policy (Neha Narula)

Pull request description:

  Github has started supporting SECURITY.md to contain a project's
  security policy. Right now, the only place to find this project's
  security contact is on bitcoincore.org. Adding this information to the
  repository makes it easier to find as SECURITY.md becomes a standard.

  This is copied almost exactly from https://bitcoincore.org/en/contact/
  and based on conversations with EthanHeilman.

ACKs for commit fdd7fa:
  laanwj:
    ACK fdd7fa19a9fdc6f15208280201e0ce186e35a9c8

Tree-SHA512: 9d6b93d10fff6e9c7a5cb6d8c1f0660623cd7a015abac7738f2aa9d141075456e71612b830eb5c707275529e2099fb41a44c531e29d821c9d2857d22241a91c3

											
										
										
											2019-06-05 15:30:17 +02:00
 								The following keys may be used to communicate sensitive information to developers:
 								| Name | Fingerprint |
 								|------|-------------|
-												docs: Adjust SECURITY.md

											
										
										
											2021-07-13 01:13:35 +02:00
+								| UdjinM6 | 3F5D 48C9 F002 93CD 365A 3A98 8359 2BD1 400D 58D9 |
 								| Pasta | 2959 0362 EC87 8A81 FD3C 202B 5252 7BED ABE8 7984 |
-												Merge #16140: docs: create security policy

fdd7fa19a docs: create security policy (Neha Narula)

Pull request description:

  Github has started supporting SECURITY.md to contain a project's
  security policy. Right now, the only place to find this project's
  security contact is on bitcoincore.org. Adding this information to the
  repository makes it easier to find as SECURITY.md becomes a standard.

  This is copied almost exactly from https://bitcoincore.org/en/contact/
  and based on conversations with EthanHeilman.

ACKs for commit fdd7fa:
  laanwj:
    ACK fdd7fa19a9fdc6f15208280201e0ce186e35a9c8

Tree-SHA512: 9d6b93d10fff6e9c7a5cb6d8c1f0660623cd7a015abac7738f2aa9d141075456e71612b830eb5c707275529e2099fb41a44c531e29d821c9d2857d22241a91c3

											
										
										
											2019-06-05 15:30:17 +02:00
-												Merge bitcoin/bitcoin#23466: doc: Suggest `keys.openpgp.org` as keyserver in SECURITY.md

90f1f849e9f5a0c1855b72824af38b9aa24d5287 doc: Suggest `keys.openpgp.org` as keyserver in SECURITY.md (Tim Ruffing)

Pull request description:

  `--recv-keys` without a `--keyserver` arg simply failed for me on a fresh Arch Linux installation, so I think it's a good idea to suggest a keyserver. OpenPGP ecosystem is broken in a number of ways, so the right way to approach this issue has some potential for bikeshedding. But the only thing that this PR does is to keep `SECURITY.md` in line with the instructions for builder keys, where there was agreement on switching to `keys.openpgp.org` (#22688).

ACKs for top commit:
  MarcoFalke:
    review ACK 90f1f849e9f5a0c1855b72824af38b9aa24d5287
  laanwj:
    Review ACK 90f1f849e9f5a0c1855b72824af38b9aa24d5287
  hebasto:
    ACK 90f1f849e9f5a0c1855b72824af38b9aa24d5287, agree with arguments above.
  Zero-1729:
    ACK 90f1f849e9f5a0c1855b72824af38b9aa24d5287

Tree-SHA512: 1ab20c837cd952aa32b57473772cbfd33411a08db6e88b951bce38f76a3c509c0e91d6944ec0ca5eac8d5eb4d98a5489276d55691328f2e2556b2640f8e7c108

											
										
										
											2021-11-08 23:40:23 +01:00
+								You can import a key by running the following command with that individual’s fingerprint: `gpg --keyserver hkps://keys.openpgp.org --recv-keys "<fingerprint>"` Ensure that you put quotes around fingerprints containing spaces.