From 1bc05366b03c5c17eb62405b152f032aa5e72d4d Mon Sep 17 00:00:00 2001 From: hinto-janai Date: Fri, 14 Jun 2024 13:33:43 -0400 Subject: [PATCH] docs: update `README.md` & `SECURITY.md` (#143) * reduce cuprate banner size * update readme * update `SECURITY.md * formatting * readme: add todo * update license section * add user book, current about * formatting * formatting --- README.md | 62 ++++++++++++++++++++++++++++++++++++++++++++--------- SECURITY.md | 16 ++++++++------ 2 files changed, 62 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index c38a128..d517973 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,58 @@ -![Cuprate](misc/logo/wordmark/CuprateWordmark.svg) +
+ +An alternative Monero node implementation. ----- - -> An up and coming Rust Monero node. +_(work-in-progress)_ [![Matrix](https://img.shields.io/badge/Matrix-Cuprate-white?logo=matrix&labelColor=grey&logoColor=white)](https://matrix.to/#/#cuprate:monero.social) [![CI](https://github.com/Cuprate/cuprate/actions/workflows/ci.yml/badge.svg)](https://github.com/Cuprate/cuprate/actions/workflows/ci.yml) -Cuprate will be an alternative Monero node written from the ground up in Rust. It -will be able to independently validate Monero consensus rules providing a layer of -security and redundancy for the Monero network. +
-Cuprate will help to protect the network from implementation bugs that could -cause a variety of issues, plus because it's written in a memory safe language Cuprate -will be less likely to suffer from memory safety issues compared to monerod. +## Contents +- [About](#about) +- [Documentation](#documentation) +- [Contributing](#contributing) +- [Security](#security) +- [License](#license) + + + +## About +Cuprate is an effort to create an alternative [Monero](https://getmonero.org) node implementation in [Rust](http://rust-lang.org). + +It will be able to independently validate Monero consensus rules, providing a layer of security and redundancy for the Monero network. + + + +## Documentation +_Cuprate is currently a work-in-progress; documentation will be changing/unfinished._ + +Cuprate maintains various documentation books: + +| Book | Description | +|-----------------------------------------------------------------|------------------------------------------------------------| +| [Cuprate's architecture book](https://architecture.cuprate.org) | Documents Cuprate's internal architecture & implementation | +| [Cuprate's protocol book](https://monero-book.cuprate.org) | Documents the Monero protocol | +| [Cuprate's user book](https://user.cuprate.org) | Practical user-guide for using `cuprated` | + +For crate (library) documentation, see the `Documentation` section in [`CONTRIBUTING.md`](CONTRIBUTING.md). + +## Contributing +See [`CONTRIBUTING.md`](CONTRIBUTING.md). + +## Security +Cuprate has a responsible vulnerability disclosure policy, see [`SECURITY.md`](SECURITY.md). + +## License +The `binaries/` directory is licensed under AGPL-3.0, everything else is licensed under MIT. + +See [`LICENSE`](LICENSE) for more details. diff --git a/SECURITY.md b/SECURITY.md index adab19d..dbfd9aa 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,11 +1,15 @@ # Security Policy -## Supported Versions +## Reporting a vulnerability +If you have discovered a vulnerability within Cuprate, please do not open a GitHub issue or announce it publicly. -We only support the latest version available as it follows monero specifications and older client is therefore prohibited by the network. +Please contact us directly by email using our PGP keys in the [`gpg_keys/`](misc/gpg_keys/) directory or via an encrypted Matrix channel. -## Reporting a Vulnerability +Thanks for being quiet. -If you ever discover a vulnerability, please do not open a github issue. Contact us by mail directly using our pgp keys under the gpg_keys folder in the repository. We're also available on Matrix. -You can also alert us using the *Report a Vulnerability* feature of Github. Thanks for being quiet. We'll always disclose the vulnerability after patching it and encourage everyone to fetch the -security update. +## Contact +Please disclose vulnerabilities to one of the trusted maintainers below: + +| Trusted maintainer | PGP key | Email address | Matrix ID | +|--------------------|---------|---------------|-----------| +| [Boog900](https://github.com/Boog900) | [`boog900.asc`](misc/gpg_keys/boog900.asc) | `boog900@tutanota.com` | `@boog900:monero.social` \ No newline at end of file