dash/SECURITY.md
fanquake 8bcfec2167 Merge bitcoin/bitcoin#23466: doc: Suggest keys.openpgp.org as keyserver in SECURITY.md
90f1f849e9f5a0c1855b72824af38b9aa24d5287 doc: Suggest `keys.openpgp.org` as keyserver in SECURITY.md (Tim Ruffing)

Pull request description:

  `--recv-keys` without a `--keyserver` arg simply failed for me on a fresh Arch Linux installation, so I think it's a good idea to suggest a keyserver. OpenPGP ecosystem is broken in a number of ways, so the right way to approach this issue has some potential for bikeshedding. But the only thing that this PR does is to keep `SECURITY.md` in line with the instructions for builder keys, where there was agreement on switching to `keys.openpgp.org` (#22688).

ACKs for top commit:
  MarcoFalke:
    review ACK 90f1f849e9f5a0c1855b72824af38b9aa24d5287
  laanwj:
    Review ACK 90f1f849e9f5a0c1855b72824af38b9aa24d5287
  hebasto:
    ACK 90f1f849e9f5a0c1855b72824af38b9aa24d5287, agree with arguments above.
  Zero-1729:
    ACK 90f1f849e9f5a0c1855b72824af38b9aa24d5287

Tree-SHA512: 1ab20c837cd952aa32b57473772cbfd33411a08db6e88b951bce38f76a3c509c0e91d6944ec0ca5eac8d5eb4d98a5489276d55691328f2e2556b2640f8e7c108
2022-04-03 18:46:47 -05:00

23 lines
804 B
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Security Policy
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| 0.17 | :white_check_mark: |
| 0.16 | :white_check_mark: |
| < 0.16 | :x: |
## Reporting a Vulnerability
To report security issues send an email to security@dash.org (not for support).
The following keys may be used to communicate sensitive information to developers:
| Name | Fingerprint |
|------|-------------|
| UdjinM6 | 3F5D 48C9 F002 93CD 365A 3A98 8359 2BD1 400D 58D9 |
| Pasta | 2959 0362 EC87 8A81 FD3C 202B 5252 7BED ABE8 7984 |
You can import a key by running the following command with that individuals fingerprint: `gpg --keyserver hkps://keys.openpgp.org --recv-keys "<fingerprint>"` Ensure that you put quotes around fingerprints containing spaces.