Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: update SECURITY.md #421

Open
wants to merge 1 commit into
base: release/v0.46.x-celestia
Choose a base branch
from
Open

docs: update SECURITY.md #421

wants to merge 1 commit into from

Conversation

pucedoteth
Copy link

Description

Closes: #XXXX

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • included the correct type prefix in the PR title
  • added ! to the type prefix if API or client breaking change
  • targeted the correct branch (see PR Targeting)
  • provided a link to the relevant issue or specification
  • followed the guidelines for building modules
  • included the necessary unit and integration tests
  • added a changelog entry to CHANGELOG.md
  • included comments for documenting Go code
  • updated the relevant documentation or specification
  • reviewed "Files changed" and left comments if necessary
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • confirmed the correct type prefix in the PR title
  • confirmed ! in the type prefix if API or client breaking change
  • confirmed all author checklist items have been addressed
  • reviewed state machine logic
  • reviewed API design and naming
  • reviewed documentation is accurate
  • reviewed tests and test coverage
  • manually tested (if applicable)

@pucedoteth pucedoteth requested a review from a team as a code owner December 2, 2024 23:49
@pucedoteth pucedoteth requested review from staheri14 and rach-id and removed request for a team December 2, 2024 23:49
@rach-id rach-id changed the title Update SECURITY.md docs: update SECURITY.md Dec 3, 2024
rach-id
rach-id reviewed Dec 3, 2024
View reviewed changes
SECURITY.md
@@ -35,7 +35,7 @@ in for Tendermint and other lower-level libraries (eg. [IAVL](https://github.com

We are interested in bugs in other modules, however the above are most likely to
have significant vulnerabilities, due to the complexity / nuance involved. We
also recommend you to read the [specification](https://github.com/cosmos/cosmos-sdk/blob/main/docs/building-modules/README.md) of each module before digging into
also recommend you to read the [specification](docs/spec/README.md) of each module before digging into
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we want to change this to reference the fork's specs, then these also should be changed to point to our fork:

### Core packages
* [`/baseapp`](https://github.com/cosmos/cosmos-sdk/tree/main/baseapp)
* [`/crypto`](https://github.com/cosmos/cosmos-sdk/tree/main/crypto)
* [`/types`](https://github.com/cosmos/cosmos-sdk/tree/main/types)
* [`/store`](https://github.com/cosmos/cosmos-sdk/tree/main/store)
### Modules
* [`x/auth`](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth)
* [`x/bank`](https://github.com/cosmos/cosmos-sdk/tree/main/x/bank)
* [`x/capability`](https://github.com/cosmos/cosmos-sdk/tree/main/x/capability)
* [`x/staking`](https://github.com/cosmos/cosmos-sdk/tree/main/x/staking)
* [`x/slashing`](https://github.com/cosmos/cosmos-sdk/tree/main/x/slashing)
* [`x/evidence`](https://github.com/cosmos/cosmos-sdk/tree/main/x/evidence)
* [`x/distribution`](https://github.com/cosmos/cosmos-sdk/tree/main/x/distribution)
* [`x/mint`](https://github.com/cosmos/cosmos-sdk/tree/main/x/mint)

and any other thing in this file pointing to upstream.

CC @MSevey what do you think?

@rach-id rach-id self-requested a review December 3, 2024 10:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@staheri14 staheri14 Awaiting requested review from staheri14 staheri14 is a code owner automatically assigned from celestiaorg/celestia-core

@rach-id rach-id Awaiting requested review from rach-id

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pucedoteth @rach-id