Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document accepting external contributions #514

Merged
merged 3 commits into from
Sep 17, 2018
Merged

Document accepting external contributions #514

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
82c7403
Document accepting external contributions
lukechilds Sep 11, 2018
7f27f2a
Update MAINTAINING.md
sindresorhus Sep 17, 2018
e38097b
Update MAINTAINING.md
sindresorhus Sep 17, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions MAINTAINING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,3 +40,12 @@ $ ./signedchecksum
```

It will create a file called `SHASUMS256.txt.asc` that you need to upload to the GitHub release manually.

## External Contributions

We need to be very careful accepting external contributions, especially adding new currencies and Electrum servers. An imposter could add what appears to be an official token or coin. If it's an ERC20 token and the contract address is fake, they could sell worthless tokens as what appear to be an established token. If it's a standalone currency and the Electrum servers are malicious, they could essentially reverse swaps by only fulfilling them on their fake Electrum chain but not on the real chain.

Before accepting external contributions adding new currencies we should:

- Verify the ERC20 contract address is genuine.
- Verify the Electrum servers are genuine.