docs: improve Security Fund documentation

- Add to README
- Improve wording
This commit is contained in:
Erik Arvstedt 2022-07-22 14:51:31 +02:00
parent 0d58dadf0a
commit 7a129a7e9c
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
2 changed files with 13 additions and 6 deletions

View File

@ -109,6 +109,12 @@ nix-bitcoin aims to achieve a high degree of security by building on the followi
Note that if the machine you're deploying *from* is insecure, there is nothing nix-bitcoin can do to protect itself. Note that if the machine you're deploying *from* is insecure, there is nothing nix-bitcoin can do to protect itself.
Security fund
---
The nix-bitcoin security fund is a 2 of 3 bitcoin multisig address open for donations, used to reward
security researchers who discover vulnerabilities in nix-bitcoin or its upstream dependencies.\
See [Security Fund](./SECURITY.md#nix-bitcoin-security-fund) for details.
Troubleshooting Troubleshooting
--- ---
If you are having problems with nix-bitcoin check the [FAQ](docs/faq.md) or submit an issue.\ If you are having problems with nix-bitcoin check the [FAQ](docs/faq.md) or submit an issue.\

View File

@ -21,17 +21,18 @@ You can import a GPG key by running the following command with that individual
## nix-bitcoin security fund ## nix-bitcoin security fund
The nix-bitcoin security fund is a collection of funds held on the following 2/3 The nix-bitcoin security fund rewards security researchers who discover and
bitcoin multisig address which is used to reward security researchers who report vulnerabilities in nix-bitcoin or its upstream dependencies.\
discover and report vulnerabilities in nix-bitcoin or its upstream dependencies. It is held on a 2 of 3 bitcoin multisig address and is open for donations:
Rewards are paid out as percentages of the total fund, rather than as fixed
amounts.
``` ```
bc1qrpnz05n0yznaj6yw82wy8dhwuqz86s87vdlhq4cu92fus9qal25s555wsy bc1qrpnz05n0yznaj6yw82wy8dhwuqz86s87vdlhq4cu92fus9qal25s555wsy
``` ```
([View balance](https://mempool.nixbitcoin.org/address/bc1qrpnz05n0yznaj6yw82wy8dhwuqz86s87vdlhq4cu92fus9qal25s555wsy)) ([View balance](https://mempool.nixbitcoin.org/address/bc1qrpnz05n0yznaj6yw82wy8dhwuqz86s87vdlhq4cu92fus9qal25s555wsy))
Rewards are paid out as percentages of the total fund, rather than as fixed
amounts.
The nix-bitcoin developers [listed above](#reporting-a-vulnerability) each hold The nix-bitcoin developers [listed above](#reporting-a-vulnerability) each hold
one key to the multisig address and collectively form the nix-bitcoin developer one key to the multisig address and collectively form the nix-bitcoin developer
quorum: quorum: