docs: add SECURITY.md file #817

Open
qlrd wants to merge 1 commit into selfcustody:develop from qlrd:docs/security-guidelines

@qlrd qlrd commented Jan 8, 2026

What is this PR for?

The SECURITY.md file is an important guide that indicates the proper means of communication when a security flaw is found and cannot be shared with the public.

Changes made to:

  • Code
  • Tests
  • Docs
  • CHANGELOG

Did you build the code and tested on device?

  • Yes, build and tested on

What is the purpose of this pull request?

  • Bug fix
  • New feature
  • Docs update
  • Other

@qlrd qlrd force-pushed the docs/security-guidelines branch from 3897bb7 to dbefede Compare January 8, 2026 23:18

codecov Bot commented Jan 8, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.31%. Comparing base (e2a8bf7) to head (44dffc5).

Additional details and impacted files
@@           Coverage Diff            @@
##           develop     #817   +/-   ##
========================================
  Coverage    97.31%   97.31%           
========================================
  Files           83       83           
  Lines        10614    10614           
========================================
  Hits         10329    10329           
  Misses         285      285           

@qlrd qlrd force-pushed the docs/security-guidelines branch 3 times, most recently from ebbe2ea to b4fd3a4 Compare January 9, 2026 12:07

@joaozinhom joaozinhom left a comment

I totally agree with this documentation PR, but the links are broken and don't show me the keys of odudex and jdcl. I also couldn't locate them on the key servers; did they publish them?

Just to show how I think this should be, following the commands to get my actual pubkey would be simple:

```bash
gpg --receive-keys 39163CE12ADCDC208095959B2FDC1C998EC79D5D
```

and you can find my key in the following links:
https://keyserver.ubuntu.com/pks/lookup?search=39163CE12ADCDC208095959B2FDC1C998EC79D5D&fingerprint=on&op=index

https://keys.openpgp.org/search?q=joaomcr%40proton.me

@qlrd qlrd force-pushed the docs/security-guidelines branch from b4fd3a4 to ec0fa3d Compare April 15, 2026 00:17
@qlrd qlrd marked this pull request as draft April 15, 2026 00:19
@qlrd qlrd force-pushed the docs/security-guidelines branch from ec0fa3d to f801625 Compare April 15, 2026 00:24
@qlrd qlrd marked this pull request as ready for review April 15, 2026 00:30
@qlrd qlrd requested a review from joaozinhom April 15, 2026 00:30
Comment thread SECURITY.md Outdated
You may use the PGP public key to encrypt your mail:

```bash
curl -s https://api.github.com/users/odudex/gpg_keys | gpg --import
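Review bot: `gpg --import` on the last line is fed the GitHub API response as-is, and that response is a JSON array rather than an armored key block, so no key gets imported; extract the key material first, for example `curl -s https://api.github.com/users/odudex/gpg_keys | jq -r '.[].raw_key' | gpg --import`. Consider `curl -fsS` so an HTTP error is reported instead of being piped silently into gpg, and state the maintainer's full fingerprint next to the command so a reporter can compare it with the output of `gpg --fingerprint` after the import.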

This command doesn't give me the odudex key

Except for this command this PR looks ready to go to me

Member Author

Yup, dumb me. Updated to: `curl -s https://api.github.com/users/odudex/gpg_keys | jq -r '.[] | .raw_key' | gpg --import`
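The thread above turns on two points: the API returns JSON whose `raw_key` field holds the armored key, and a reporter should be able to check the key against a published fingerprint. The following is an added example, not code from this PR or the project, that selects from such a response only the key whose v4 fingerprint matches a pinned value. The function names and the sample data are hypothetical and constructed; only v4 keys are handled.

```python
import base64, hashlib, json

def dearmor(armored: str) -> bytes:
    """Decode an ASCII-armored public key block to raw OpenPGP packet bytes."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN PGP PUBLIC KEY BLOCK"):
        raise ValueError("not an armored public key (raw API JSON lands here)")
    body = lines[1:-1]
    if "" in body:  # armor headers, if any, end at the first blank line
        body = body[body.index("") + 1:]
    return base64.b64decode("".join(ln for ln in body if ln[:1] != "="))  # skip CRC-24 line

def fingerprint_v4(armored: str) -> str:
    """SHA-1 fingerprint of the first packet, which must be a v4 public key."""
    data = dearmor(armored)
    if len(data) < 6 or not data[0] & 0x80:
        raise ValueError("truncated or invalid packet header")
    if data[0] & 0x40:  # new-format header: length octets follow the tag
        tag, n = data[0] & 0x3F, data[1]
        if n >= 224:
            raise ValueError("unsupported length encoding")
        start, length = (2, n) if n < 192 else (3, ((n - 192) << 8) + data[2] + 192)
    else:  # old-format header: low two bits give the size of the length field
        tag, size = (data[0] >> 2) & 0x0F, 1 << (data[0] & 3)
        if size == 8:
            raise ValueError("indeterminate length")
        start, length = 1 + size, int.from_bytes(data[1:1 + size], "big")
    body = data[start:start + length]
    if tag != 6 or body[:1] != b"\x04" or len(body) != length or length > 0xFFFF:
        raise ValueError("expected a complete v4 public-key packet first")
    return hashlib.sha1(b"\x99" + length.to_bytes(2, "big") + body).hexdigest().upper()

def select_pinned_key(api_response: str, pinned_fpr: str) -> str:
    """Return the raw_key whose fingerprint equals the pinned one, else raise."""
    want = pinned_fpr.replace(" ", "").upper()
    for entry in json.loads(api_response):
        raw = (entry.get("raw_key") if isinstance(entry, dict) else None) or ""
        try:
            if fingerprint_v4(raw) == want:
                return raw
        except ValueError:
            continue  # null raw_key, non-v4 key, or malformed armor
    raise LookupError("no published key matches the pinned fingerprint")

# Constructed sample: a dummy v4 packet (not a usable key) wrapped like the API output.
SAMPLE_BODY = b"\x04" + bytes(4) + b"\x16" + bytes(range(40))
SAMPLE_ARMOR = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n%s\n-----END PGP PUBLIC KEY BLOCK-----" % (
    base64.b64encode(b"\x98" + bytes([len(SAMPLE_BODY)]) + SAMPLE_BODY).decode())
SAMPLE_RESPONSE = json.dumps([{"raw_key": None}, {"raw_key": SAMPLE_ARMOR}])
SAMPLE_FPR = hashlib.sha1(b"\x99\x00\x2e" + SAMPLE_BODY).hexdigest().upper()
```

The pinned fingerprint has to come from a channel other than the API response being checked; the returned block is what would then be handed to `gpg --import`.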

The `SECURITY.md` file is an important guide that indicates the proper
means of communication when a security flaw is found and cannot be shared
with the public.
@qlrd qlrd force-pushed the docs/security-guidelines branch from f801625 to 44dffc5 Compare April 15, 2026 16:08
@joaozinhom

ACK 44dffc5
