Merge fort-nix/nix-bitcoin#522: docs: improve Security Fund documentation

7a129a7e9c docs: improve `Security Fund` documentation (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 7a129a7e9c

Tree-SHA512: 140e2d40644cb3a600d774169165f09f7110835d05d17859af485edf89ffa02df01689af7695b9921d71609533e3ee62f6255a8b54c4c599a88557789a755fe9
This commit is contained in:
Jonas Nick 2022-07-22 13:42:18 +00:00
commit 541c12e8fe
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
2 changed files with 13 additions and 6 deletions

View File

@ -110,6 +110,12 @@ nix-bitcoin aims to achieve a high degree of security by building on the followi
Note that if the machine you're deploying *from* is insecure, there is nothing nix-bitcoin can do to protect itself.
Security fund
---
The nix-bitcoin security fund is a 2 of 3 bitcoin multisig address open for donations, used to reward
security researchers who discover vulnerabilities in nix-bitcoin or its upstream dependencies.\
See [Security Fund](./SECURITY.md#nix-bitcoin-security-fund) for details.
Troubleshooting
---
If you are having problems with nix-bitcoin check the [FAQ](docs/faq.md) or submit an issue.\

View File

@ -21,17 +21,18 @@ You can import a GPG key by running the following command with that individual
## nix-bitcoin security fund
The nix-bitcoin security fund is a collection of funds held on the following 2/3
bitcoin multisig address which is used to reward security researchers who
discover and report vulnerabilities in nix-bitcoin or its upstream dependencies.
Rewards are paid out as percentages of the total fund, rather than as fixed
amounts.
The nix-bitcoin security fund rewards security researchers who discover and
report vulnerabilities in nix-bitcoin or its upstream dependencies.\
It is held on a 2 of 3 bitcoin multisig address and is open for donations:
```
bc1qrpnz05n0yznaj6yw82wy8dhwuqz86s87vdlhq4cu92fus9qal25s555wsy
```
([View balance](https://mempool.nixbitcoin.org/address/bc1qrpnz05n0yznaj6yw82wy8dhwuqz86s87vdlhq4cu92fus9qal25s555wsy))
Rewards are paid out as percentages of the total fund, rather than as fixed
amounts.
The nix-bitcoin developers [listed above](#reporting-a-vulnerability) each hold
one key to the multisig address and collectively form the nix-bitcoin developer
quorum: