RFC - Security Process Update #13
Thanks for submitting! I can be shepherd for this one. Does it make sense to then assign it to me? Also: @j01tz, is this ready for a first review by the community, or are you still working on it?
@lehnberg that sounds good, thanks. I'd like to maybe take one more pass today then I'll mark as ready for review.
I went back and forth on adding the canaries section. It may be overkill but I thought it was at least worth mentioning for consideration. Set as ready for review now, thanks!
Overall 👍. Minor comments/questions.
👍 in general, nice work on this. See my minor comments and suggestions.
text/0000-security-process.md
Likewise 'Chain Splits' is not defined well enough and would probably be better
tracked and managed outside of the formal security policy, or with a sub-team,
at least until the language and tooling are better defined and stable.
I'm actually not sure we have even started work on that Chain Split monitoring tool (@antiochp, @yeastplume do you know?). For sure it doesn't belong in here in any case, and might be better to just say it's moved into a GitHub Issue for /grin repo.
I updated with a statement that the section would be moved to a github issue but I have not yet created and linked the issue. I'll wait to hear from others before I add more details here.
The tool would be nice to have but perhaps challenging with current resource level. A github issue sounds fine to me for now if it is something that makes sense to keep on the radar.
I refactored a lot of the The feedback so far is very much appreciated, please keep it coming!
Great work @j01tz, thanks for incorporating my feedback, this looks good to me. 👍
🎉 Wohooo! This RFC has now been merged! 🤸‍♀️
Initial WIP for an RFC describing changes to improve Grin's Security Process by adopting a community vulnerability disclosure standard.
Rendered link to RFC document
Tracking issue: mimblewimble/grin-pm#178