diff --git a/README.md b/README.md index b083726d661e..6299f61f9fa4 100644 --- a/README.md +++ b/README.md @@ -28,10 +28,12 @@ Core Lightning (previously c-lightning) is a lightweight, highly customizable an [![Irc][IRC-badge]][IRC] This implementation has been in production use on the Bitcoin mainnet since early 2018, with the launch of the [Blockstream Store][blockstream-store-blog]. -We recommend getting started by experimenting on `testnet` (or `regtest`), but the implementation is considered stable and can be safely used on mainnet. +We recommend getting started by experimenting on `testnet` (`testnet4` or `regtest`), but the implementation is considered stable and can be safely used on mainnet. + +## Reach Out to Us Any help testing the implementation, reporting bugs, or helping with outstanding issues is very welcome. -Don't hesitate to reach out to us on [Build-on-L2][bol2], or on the implementation-specific [mailing list][ml1], or on the Lightning Network-wide [mailing list][ml2], or on [CLN Discord][discord], or on [CLN Telegram][telegram], or on IRC at [dev][irc1]/[gen][irc2] channel. +Don't hesitate to reach out to us on [Build-on-L2][bol2], or on the implementation-specific [mailing list][ml1], or on [CLN Discord][discord], or on [CLN Telegram][telegram], or on IRC at [dev][irc1]/[gen][irc2] channel. ## Getting Started @@ -215,7 +217,6 @@ Developers wishing to contribute should start with the developer guide [here](do [bol2-badge]: https://badgen.net/badge/BoL2/chat/blue [bol2]: https://community.corelightning.org [ml1]: https://lists.ozlabs.org/listinfo/c-lightning -[ml2]: https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev [discord-badge]: https://badgen.net/badge/Discord/chat/blue [discord]: https://discord.gg/mE9s4rc5un [telegram-badge]: https://badgen.net/badge/Telegram/chat/blue diff --git a/SECURITY.md b/SECURITY.md index 27717d863963..5ed7542d5ccf 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,19 +6,30 @@ We have a 3 month release cycle, and the last two versions are supported. ## Reporting a Vulnerability -To report security issues send an email to rusty@rustcorp.com.au, or -security@blockstream.com (not for support). +To report security vulnerabilities, please send an email to one of the following addresses: +- `rusty@rustcorp.com.au` +- `security@blockstream.com` + +Note: These email addresses are exclusively for vulnerability reporting. + +For all other inquiries/communication, please refer to the [Reach Out to Us](https://github.com/ElementsProject/lightning?tab=readme-ov-file#reach-out-to-us) section in our README. ## Signatures For Releases The following keys may be used to communicate sensitive information to developers, and to validate signatures on releases: -| Name | Fingerprint | -|------|-------------| -| Rusty Russell | 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 | -| Christian Decker | B731 AAC5 21B0 1385 9313 F674 A26D 6D9F E088 ED58 | -| Lisa Neigut | 30DE 693A E0DE 9E37 B3E7 EB6B BFF0 F678 10C1 EED1 | -| Alex Myers | 0437 4E42 789B BBA9 462E 4767 F3BF 63F2 7474 36AB | - -You can import a key by running the following command with that individual’s fingerprint: `gpg --keyserver hkps://keys.openpgp.org --recv-keys ""` Ensure that you put quotes around fingerprints containing spaces. +| Name | Email | Fingerprint | +|------|-------|-------------| +| Blockstream Security Reporting | `security@blockstream.com` | 1176 542D A98E 71E1 3372 2EF7 4AC8 CC88 6844 A2D6 | +| Rusty Russell | `rusty@rustcorp.com.au` | 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 | +| Christian Decker | `decker@blockstream.com` | B731 AAC5 21B0 1385 9313 F674 A26D 6D9F E088 ED58 | +| Lisa Neigut | `niftynei@gmail.com` | 30DE 693A E0DE 9E37 B3E7 EB6B BFF0 F678 10C1 EED1 | +| Alex Myers | `alex@endothermic.dev` | 0437 4E42 789B BBA9 462E 4767 F3BF 63F2 7474 36AB | +| Peter Neuroth | `pet.v.ne@gmail.com` | 653B 19F3 3DF7 EFF3 E9D1 C94C C3F2 1EE3 87FF 4CD2 | +| Shahana Farooqui | `sfarooqui@blockstream.com` | FE13 58EB 7793 51DB 24E5 555A A327 573C 9758 9BF5 | +| Blockstream CLN Release | `cln@blockstream.com` | 616C 52F9 9D06 12B2 A151 B107 4129 A994 AA7E 9852 | + +You can import a key by running the following command with that individual’s fingerprint: +`gpg --keyserver hkps://keys.openpgp.org --recv-keys ""`. +Ensure that you put quotes around fingerprints containing spaces.