Merge fort-nix/nix-bitcoin#522: docs: improve Security Fund
documentation
7a129a7e9c
docs: improve `Security Fund` documentation (Erik Arvstedt) Pull request description: ACKs for top commit: jonasnick: ACK7a129a7e9c
Tree-SHA512: 140e2d40644cb3a600d774169165f09f7110835d05d17859af485edf89ffa02df01689af7695b9921d71609533e3ee62f6255a8b54c4c599a88557789a755fe9
This commit is contained in:
commit
541c12e8fe
@ -110,6 +110,12 @@ nix-bitcoin aims to achieve a high degree of security by building on the followi
|
||||
|
||||
Note that if the machine you're deploying *from* is insecure, there is nothing nix-bitcoin can do to protect itself.
|
||||
|
||||
Security fund
|
||||
---
|
||||
The nix-bitcoin security fund is a 2 of 3 bitcoin multisig address open for donations, used to reward
|
||||
security researchers who discover vulnerabilities in nix-bitcoin or its upstream dependencies.\
|
||||
See [Security Fund](./SECURITY.md#nix-bitcoin-security-fund) for details.
|
||||
|
||||
Troubleshooting
|
||||
---
|
||||
If you are having problems with nix-bitcoin check the [FAQ](docs/faq.md) or submit an issue.\
|
||||
|
13
SECURITY.md
13
SECURITY.md
@ -21,17 +21,18 @@ You can import a GPG key by running the following command with that individual
|
||||
|
||||
## nix-bitcoin security fund
|
||||
|
||||
The nix-bitcoin security fund is a collection of funds held on the following 2/3
|
||||
bitcoin multisig address which is used to reward security researchers who
|
||||
discover and report vulnerabilities in nix-bitcoin or its upstream dependencies.
|
||||
Rewards are paid out as percentages of the total fund, rather than as fixed
|
||||
amounts.
|
||||
|
||||
The nix-bitcoin security fund rewards security researchers who discover and
|
||||
report vulnerabilities in nix-bitcoin or its upstream dependencies.\
|
||||
It is held on a 2 of 3 bitcoin multisig address and is open for donations:
|
||||
```
|
||||
bc1qrpnz05n0yznaj6yw82wy8dhwuqz86s87vdlhq4cu92fus9qal25s555wsy
|
||||
```
|
||||
([View balance](https://mempool.nixbitcoin.org/address/bc1qrpnz05n0yznaj6yw82wy8dhwuqz86s87vdlhq4cu92fus9qal25s555wsy))
|
||||
|
||||
|
||||
Rewards are paid out as percentages of the total fund, rather than as fixed
|
||||
amounts.
|
||||
|
||||
The nix-bitcoin developers [listed above](#reporting-a-vulnerability) each hold
|
||||
one key to the multisig address and collectively form the nix-bitcoin developer
|
||||
quorum:
|
||||
|
Loading…
Reference in New Issue
Block a user