docs: add docs/audit.md and fix broken README links (closes #5) #7
Open
abhicris wants to merge 1 commit into luxfi:main from
The README linked to `docs/audit.md`, `docs/api.md`, and `docs/integration.md` — none of which exist. This confuses users evaluating the library for production use.

- Add `docs/audit.md` that honestly states external-audit status is "not yet commissioned", lists upstream primitive audits that users can rely on, documents known limitations, and points at the responsible-disclosure contact. The audit-log table is left empty for future audits to be appended.
- Replace the two other dangling links (`api.md`, `integration.md`) with links to docs that actually exist in the repo today (`FROST.md`, `Broadcast.md`, `LUX_INTEGRATION.md`).

Closes luxfi#5.
Closes #5.
The README links to `docs/audit.md`, `docs/api.md`, and `docs/integration.md` — none of which exist in the tree today. This is particularly confusing for the audit link, since it leaves an evaluator unable to tell whether the library has been audited.

Changes

- `docs/audit.md` that honestly states external-audit status is "not yet commissioned", lists upstream primitive audits users can rely on (dcrd secp256k1, taurushq multi-party-sig, filippo edwards25519), documents known limitations (network layer, HSM claim, identifiable-abort caveats), and points at security@lux.network for responsible disclosure. The audit-log table is left empty for future audits to be appended.
- `FROST.md`, `Broadcast.md`, `LUX_INTEGRATION.md`).

Why the honest framing
A cryptographic-library README that claims "Audited Features" but links to a missing audit doc sets up the wrong expectation with downstream integrators. Better to be explicit about what has and hasn't been reviewed.
Happy to iterate on the text if the maintainers have concrete audit results they'd like linked instead.