docs: update README.md & SECURITY.md (#143)
Some checks failed
CI / fmt (push) Has been cancelled
CI / typo (push) Has been cancelled
CI / ci (macos-latest, stable, bash) (push) Has been cancelled
CI / ci (ubuntu-latest, stable, bash) (push) Has been cancelled
CI / ci (windows-latest, stable-x86_64-pc-windows-gnu, msys2 {0}) (push) Has been cancelled

* reduce cuprate banner size

* update readme

* update `SECURITY.md

* formatting

* readme: add todo

* update license section

* add user book, current about

* formatting

* formatting
This commit is contained in:
hinto-janai 2024-06-14 13:33:43 -04:00 committed by GitHub
parent 86c01ab95a
commit 1bc05366b0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 62 additions and 16 deletions

View file

@ -1,16 +1,58 @@
![Cuprate](misc/logo/wordmark/CuprateWordmark.svg) <div align="center">
<img src="misc/logo/wordmark/CuprateWordmark.svg" width="50%"/>
An alternative Monero node implementation.
---- _(work-in-progress)_
> An up and coming Rust Monero node.
[![Matrix](https://img.shields.io/badge/Matrix-Cuprate-white?logo=matrix&labelColor=grey&logoColor=white)](https://matrix.to/#/#cuprate:monero.social) [![CI](https://github.com/Cuprate/cuprate/actions/workflows/ci.yml/badge.svg)](https://github.com/Cuprate/cuprate/actions/workflows/ci.yml) [![Matrix](https://img.shields.io/badge/Matrix-Cuprate-white?logo=matrix&labelColor=grey&logoColor=white)](https://matrix.to/#/#cuprate:monero.social) [![CI](https://github.com/Cuprate/cuprate/actions/workflows/ci.yml/badge.svg)](https://github.com/Cuprate/cuprate/actions/workflows/ci.yml)
Cuprate will be an alternative Monero node written from the ground up in Rust. It </div>
will be able to independently validate Monero consensus rules providing a layer of
security and redundancy for the Monero network.
Cuprate will help to protect the network from implementation bugs that could ## Contents
cause a variety of issues, plus because it's written in a memory safe language Cuprate - [About](#about)
will be less likely to suffer from memory safety issues compared to monerod. - [Documentation](#documentation)
- [Contributing](#contributing)
- [Security](#security)
- [License](#license)
<!--
TODO: add these sections someday.
- [Status](#status) // when we're near v1.0.0
- [Getting help](#getting-help) // issue tracker, user book, matrix channels, etc
- [Build](#build)
- [Windows](#windows)
- [macOS](#macOS)
- [Linux](#Linux)
-->
## About
Cuprate is an effort to create an alternative [Monero](https://getmonero.org) node implementation in [Rust](http://rust-lang.org).
It will be able to independently validate Monero consensus rules, providing a layer of security and redundancy for the Monero network.
<!-- TODO: add some details about what Cuprate is and is not, goals, status -->
## Documentation
_Cuprate is currently a work-in-progress; documentation will be changing/unfinished._
Cuprate maintains various documentation books:
| Book | Description |
|-----------------------------------------------------------------|------------------------------------------------------------|
| [Cuprate's architecture book](https://architecture.cuprate.org) | Documents Cuprate's internal architecture & implementation |
| [Cuprate's protocol book](https://monero-book.cuprate.org) | Documents the Monero protocol |
| [Cuprate's user book](https://user.cuprate.org) | Practical user-guide for using `cuprated` |
For crate (library) documentation, see the `Documentation` section in [`CONTRIBUTING.md`](CONTRIBUTING.md).
## Contributing
See [`CONTRIBUTING.md`](CONTRIBUTING.md).
## Security
Cuprate has a responsible vulnerability disclosure policy, see [`SECURITY.md`](SECURITY.md).
## License
The `binaries/` directory is licensed under AGPL-3.0, everything else is licensed under MIT.
See [`LICENSE`](LICENSE) for more details.

View file

@ -1,11 +1,15 @@
# Security Policy # Security Policy
## Supported Versions ## Reporting a vulnerability
If you have discovered a vulnerability within Cuprate, please do not open a GitHub issue or announce it publicly.
We only support the latest version available as it follows monero specifications and older client is therefore prohibited by the network. Please contact us directly by email using our PGP keys in the [`gpg_keys/`](misc/gpg_keys/) directory or via an encrypted Matrix channel.
## Reporting a Vulnerability Thanks for being quiet.
If you ever discover a vulnerability, please do not open a github issue. Contact us by mail directly using our pgp keys under the gpg_keys folder in the repository. We're also available on Matrix. ## Contact
You can also alert us using the *Report a Vulnerability* feature of Github. Thanks for being quiet. We'll always disclose the vulnerability after patching it and encourage everyone to fetch the Please disclose vulnerabilities to one of the trusted maintainers below:
security update.
| Trusted maintainer | PGP key | Email address | Matrix ID |
|--------------------|---------|---------------|-----------|
| [Boog900](https://github.com/Boog900) | [`boog900.asc`](misc/gpg_keys/boog900.asc) | `boog900@tutanota.com` | `@boog900:monero.social`