dash/SECURITY.md
fanquake 8bcfec2167 Merge bitcoin/bitcoin#23466: doc: Suggest keys.openpgp.org as keyserver in SECURITY.md
90f1f849e9f5a0c1855b72824af38b9aa24d5287 doc: Suggest `keys.openpgp.org` as keyserver in SECURITY.md (Tim Ruffing)

Pull request description:

  `--recv-keys` without a `--keyserver` arg simply failed for me on a fresh Arch Linux installation, so I think it's a good idea to suggest a keyserver. OpenPGP ecosystem is broken in a number of ways, so the right way to approach this issue has some potential for bikeshedding. But the only thing that this PR does is to keep `SECURITY.md` in line with the instructions for builder keys, where there was agreement on switching to `keys.openpgp.org` (#22688).

ACKs for top commit:
  MarcoFalke:
    review ACK 90f1f849e9f5a0c1855b72824af38b9aa24d5287
  laanwj:
    Review ACK 90f1f849e9f5a0c1855b72824af38b9aa24d5287
  hebasto:
    ACK 90f1f849e9f5a0c1855b72824af38b9aa24d5287, agree with arguments above.
  Zero-1729:
    ACK 90f1f849e9f5a0c1855b72824af38b9aa24d5287

Tree-SHA512: 1ab20c837cd952aa32b57473772cbfd33411a08db6e88b951bce38f76a3c509c0e91d6944ec0ca5eac8d5eb4d98a5489276d55691328f2e2556b2640f8e7c108
2022-04-03 18:46:47 -05:00

804 B
Raw Permalink Blame History

Security Policy

Supported Versions

Version Supported
0.17
0.16
< 0.16

Reporting a Vulnerability

To report security issues send an email to security@dash.org (not for support).

The following keys may be used to communicate sensitive information to developers:

Name Fingerprint
UdjinM6 3F5D 48C9 F002 93CD 365A 3A98 8359 2BD1 400D 58D9
Pasta 2959 0362 EC87 8A81 FD3C 202B 5252 7BED ABE8 7984

You can import a key by running the following command with that individuals fingerprint: gpg --keyserver hkps://keys.openpgp.org --recv-keys "<fingerprint>" Ensure that you put quotes around fingerprints containing spaces.