From ac1883bbf7cc6895cb1308ee571cf8d8d4aade08 Mon Sep 17 00:00:00 2001 From: Denis Angell Date: Thu, 16 Nov 2023 12:01:51 +0100 Subject: [PATCH] Update Documentation & README (#192) * update md files * Update RELEASENOTES.XAHAUD.md * fixup * Update README.md * update readme * Update README.md * Update README.md * update review * misc fixup * Update RELEASENOTES.XAHAUD.md * Update README.md --- CONTRIBUTING.md | 19 +++-- LICENSE.md | 2 +- README.md | 72 +++++++++++++++++- RELEASENOTES.XAHAUD.md | 74 +++++++++++++++++++ SECURITY.md | 161 +++++++++++------------------------------ 5 files changed, 197 insertions(+), 131 deletions(-) create mode 100644 RELEASENOTES.XAHAUD.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1d916dcc6..587f7fc97 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,6 +1,5 @@ -The XRP Ledger has many and diverse stakeholders, and everyone deserves -a chance to contribute meaningful changes to the code that runs the -XRPL. +Xahau has many and diverse stakeholders, and everyone deserves +a chance to contribute meaningful changes to the code that runs Xahau. # Contributing @@ -12,7 +11,7 @@ instructions specific to this project. ## Before you start In general, contributions should be developed in your personal -[fork](https://github.com/XRPLF/rippled/fork). +[fork](https://github.com/xahau/xahaud/fork). The following branches exist in the main project repository: @@ -25,7 +24,7 @@ The tip of each branch must be signed. In order for GitHub to sign a squashed commit that it builds from your pull request, GitHub must know your verifying key. Please set up [signature verification][signing]. -[rippled]: https://github.com/XRPLF/rippled +[rippled]: https://github.com/xahau/xahaud [signing]: https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification @@ -33,8 +32,8 @@ your verifying key. Please set up [signature verification][signing]. ## Major contributions If your contribution is a major feature or breaking change, then you -must first write an XRP Ledger Standard (XLS) describing it. Go to -[XRPL-Standards](https://github.com/XRPLF/XRPL-Standards/discussions), +must first write a Xahau Standard (XLS) describing it. Go to +[Standards](https://github.com/XRPLF/XRPL-Standards/discussions), choose the next available standard number, and open a discussion with an appropriate title to propose your draft standard. @@ -50,12 +49,12 @@ author delegates that responsibility to others. ## Before making a pull request Changes that alter transaction processing must be guarded by an -[Amendment](https://xrpl.org/amendments.html). +[Amendment](https://docs.xahau.network/features/amendments). All other changes that maintain the existing behavior do not need an Amendment. -Ensure that your code compiles according to the build instructions in -[`BUILD.md`](./BUILD.md). +Ensure that your code compiles according to the build instructions in the +[`documentation`](https://docs.xahau.network/infrastructure/building-xahau). If you create new source files, they must go under `src/ripple`. You will need to add them to one of the [source lists](./Builds/CMake/RippledCore.cmake) in CMake. diff --git a/LICENSE.md b/LICENSE.md index e276f4ccd..b9f60c5cf 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -2,7 +2,7 @@ ISC License Copyright (c) 2011, Arthur Britto, David Schwartz, Jed McCaleb, Vinnie Falco, Bob Way, Eric Lombrozo, Nikolaos D. Bougalis, Howard Hinnant. Copyright (c) 2012-2020, the XRP Ledger developers. -Copyright (c) 2021-2024, XRPL Labs. +Copyright (c) 2020-2024, XRPL Labs. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above diff --git a/README.md b/README.md index a8f54bcea..6d4cb4801 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,71 @@ -# The Xahau Ledger +# Xahau -TODO: Doco +**Note:** Throughout this README, references to "we" or "our" pertain to the community and contributors involved in the Xahau network. It does not imply a legal entity or a specific collection of individuals. + +[Xahau](https://xahau.network/) is a decentralized cryptographic ledger that builds upon the robust foundation of the XRP Ledger. It inherits the XRP Ledger's Byzantine Fault Tolerant consensus algorithm and enhances it with additional features and functionalities. Developers and users familiar with the XRP Ledger will find that most documentation and tutorials available on [xrpl.org](https://xrpl.org) are relevant and applicable to Xahau, including those related to running validators and managing validator keys. For Xahau specific documentation you can visit our [documentation](https://docs.xahau.network/) + +## XAH +XAH is the public, counterparty-free asset native to Xahau and functions primarily as network gas. Transactions submitted to the Xahau network must supply an appropriate amount of XAH, to be burnt by the network as a fee, in order to be successfully included in a validated ledger. In addition, XAH also acts as a bridge currency within the Xahau DEX. XAH is traded on the open-market and is available for anyone to access. Xahau was created in 2023 with a supply of 600 million units of XAH. + +## xahaud +The server software that powers Xahau is called `xahaud` and is available in this repository under the permissive [ISC open-source license](LICENSE.md). The `xahaud` server software is written primarily in C++ and runs on a variety of platforms. The `xahaud` server software can run in several modes depending on its configuration. + +### Build from Source + +* [Read the build instructions in our documentation](https://docs.xahau.network/infrastructure/building-xahau) +* If you encounter any issues, please [open an issue](https://github.com/xahau/xahaud/issues) + +## Highlights of Xahau + +1. **Hooks**: Hooks are small, efficient WebAssembly modules designed specifically for Xahau. They add a robust smart contract functionality to Xahau, allowing you to construct and deploy applications with bespoke functionalities. Hooks can block or allow transactions to and from the account, change and keep track of the hook’s internal state and logic, and autonomously initiate new transactions on the account’s behalf. They can be written in any language that can be compiled into WebAssembly. + +2. **Balance Rewards**: Xahau offers a Balance Rewards feature that provides a 4% per annum reward. This feature encourages users to maintain a balance in their accounts and rewards them for doing so. + +3. **URIToken**: The URIToken is a feature in Xahau that allows for the creation and management of non fungible tokens within the network. This feature can be used for a variety of purposes and specific use cases. + +4. **Import/B2M**: The Import/B2M feature in Xahau allows for the importation of assets into the network. This feature can be used to bring external assets into the Xahau network, expanding the range of assets that can be managed and traded within the network. + +5. **Governance Game**: The Governance Game is a feature in Xahau that allows for the decentralized governance of the network. This feature allows users to participate in the decision-making process of the network, ensuring that the network remains democratic and responsive to the needs of its users. + +## Binary Releases and Versioning System + +Xahau provides pre-compiled binary releases of its software, which are ready-to-run versions that users can download and execute without compiling the source code themselves. These binaries are built automatically using GitHub Actions whenever a new commit is pushed or a pull request is merged. + +The versioning system for Xahau binaries is based on the date of the build, the branch name, and a build number, following the format `YYYY.MM.DD-branch+buildnumber`. For example, `2023.10.30-release+443` indicates a binary built on October 30, 2023, from the `release` branch, and it is the 443rd build from that branch. + +Users can access these binaries on the [Xahau Build Server](https://build.xahau.tech/), which provides an organized list of releases along with release notes for each version. This system simplifies the deployment process for users and ensures they can easily identify and download the appropriate version for their needs. + +## Source Code + +Here are some good places to start learning the source code: + +- Read the markdown files in the source tree: `src/ripple/**/*.md`. +- Read [the levelization document](./Builds/levelization) to get an idea of the internal dependency graph. +- In the big picture, the `main` function constructs an `ApplicationImp` object, which implements the `Application` virtual interface. Almost every component in the application takes an `Application&` parameter in its constructor, typically named `app` and stored as a member variable `app_`. This allows most components to depend on any other component. + +### Repository Contents + +| Folder | Contents | +|:-----------|:-------------------------------------------------| +| `./Builds` | Platform-specific guides for building `xahaud`. | +| `./cfg` | Example configuration files. | +| `./src` | Source code. | + +Some of the directories under `src` are external repositories included using +git-subtree. See those directories' README files for more details. + +## Resources + +- **Documentation**: Documentation for XRPL, Xahau and Hooks. + - [Xrpl Documentation](https://xrpl.org) + - [Xahau Documentation](https://docs.xahau.network/) + - [Hooks Technical Documentation](https://xrpl-hooks.readme.io/) +- **Explorers**: Explore the Xahau ledger using various explorers: + - [xahauexplorer.com](https://xahauexplorer.com) + - [xahscan.com](https://xahscan.com) + - [xahau.xrpl.org](https://xahau.xrpl.org) + - [explorer.xahau.network](https://explorer.xahau.network) +- **Testnet & Faucet**: Test applications and obtain test XAH at [xahau-test.net](https://xahau-test.net) and use the testnet explorer at [explorer.xahau.network](https://explorer.xahau.network). +- **Supporting Wallets**: A list of wallets that support XAH and Xahau-based assets. + - [Xumm](https://xumm.app) + - [Crossmark](https://crossmark.io) \ No newline at end of file diff --git a/RELEASENOTES.XAHAUD.md b/RELEASENOTES.XAHAUD.md new file mode 100644 index 000000000..4ca5a457c --- /dev/null +++ b/RELEASENOTES.XAHAUD.md @@ -0,0 +1,74 @@ +# Release Notes + +This document contains the release notes for `xahaud`, the reference server implementation of the Xahau protocol. To learn more about how to build, run or update a `xahaud` server, visit https://docs.xahau.network/infrastructure/peering/connect-to-xahau-mainnet + +Have new ideas? Need help with setting up your node? [Please open an issue here](https://github.com/xahau/xahaud/issues/new/choose). + +# Introducing Xahau version 2023.10.30-release+443 + +Version 2023.10.30-release+443 of `xahaud`, the reference server implementation of the Xahau protocol, is now available at [Build Server](https://build.xahau.tech/). + +[Download Release Binary](https://build.xahau.tech/2023.10.30-release%2B443) + +[Sign Up for Future Release Announcements](https://groups.google.com/g/xahau-server) + + + +## Action Required + +New amendments are now open for voting according to Xahau's [amendment process](https://docs.xahau.network/features/amendments), which enables protocol changes following five days of >80% support from trusted validators. + +If you operate a Xahau server, upgrade to version 2023.10.30-release+443 by October 31 to ensure service continuity. The exact time that protocol changes take effect depends on the voting decisions of the decentralized network. + + +## Install / Upgrade + +On supported platforms, see the [instructions on installing or updating `xahaud`](https://docs.xahau.network/infrastructure/peering/connect-to-xahau-mainnet). + + +## New Amendments + +- **`Hooks`**: This amendment activates hooks and the hook API in the Xahau network, allowing custom logic to be executed on the ledger in response to transactions. + +- **`BalanceRewards`**: This amendment enables `ClaimReward`` and `GenesisMint`` transactions, facilitating balance rewards to be paid in XAH, the Xahau network's native currency. + +- **`PaychanAndEscrowForTokens`**: This amendment allows the use of IOU tokens for PaymentChannels and Escrow transactions, enhancing flexibility and functionality. + +- **`URIToken`**: This amendment activates URITokens, which are non-fungible, hook-friendly tokens in the Xahau network. + +- **`Import`**: This amendment enables the Import transaction for B2M xpop processing, allowing transactions to be imported from another network or system. + +- **`XahauGenesis`**: This amendment activates the genesis amendment for the initial distribution of XAH and the establishment of the governance game. + +- **`HooksUpdate1`**: This amendment extends the hooks API to include Xpop functionality, enabling more complex transactions involving Xpop. + +## Changelog + +### New Features and Improvements + +- **Server Definitions**: The new feature introduces a `server_definitions` endpoint. This endpoint is designed to return a JSON object that contains the definitions of various types, fields, and transaction results used in the Xahau protocol. + +This feature enhances the functionality of the system by providing an efficient way to fetch and verify the current definitions used in the Ripple protocol. + +### GitHub + +The public source code repository for `xahaud` is hosted on GitHub at . + +We welcome all contributions and invite everyone to join the community of Xahau developers to help build the Internet of Value. + +### Credits + +The following people contributed directly to this release: + +- Nikolaos D. Bougalis +- Wietse Wind +- Richard Holland +- Denis Angell + +Bug Bounties and Responsible Disclosures: +We welcome reviews of the rippled code and urge researchers to +responsibly disclose any issues they may find. + +To report a bug, please send a detailed report to: + + bugs@xahau.network \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md index c60ef8c75..1fe5a9efe 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,149 +1,74 @@ -### Operating an XRP Ledger server securely +### Operating the Xahau server securely -For more details on operating an XRP Ledger server securely, please visit https://xrpl.org/manage-the-rippled-server.html. +For more details on operating the Xahau server securely, please visit https://docs.xahau.network/infrastructure/building-xahau. # Security Policy ## Supported Versions -Software constantly evolves. In order to focus resources, we only generally only accept vulnerability reports that affect recent and current versions of the software. We always accept reports for issues present in the **master**, **release** or **develop** branches, and with proposed, [open pull requests](https://github.com/ripple/rippled/pulls). +Software constantly evolves. In order to focus resources, we only generally only accept vulnerability reports that affect recent and current versions of the software. We always accept reports for issues present in the **release**, **candidate** or **dev** branches, and with proposed, [open pull requests](https://github.com/xahau/xahaud/pulls). -## Identifying and Reporting Vulnerabilities +# Responsible Disclosure -We take security seriously and we do our best to ensure that all our releases are bug free. But we aren't perfect and sometimes things will slip through. +## Responsible disclosure policy -### Responsible Investigation +At [Xahau](https://xahau.network) we believe that the security of our systems is extremely important. -We urge you to examine our code carefully and responsibly, and to disclose any issues that you identify in a responsible fashion. +Despite our concern for the security of our systems during product development and maintenance, there's always the possibility of someone finding something we need to improve / update / change / fix / ... -Responsible investigation includes, but isn't limited to, the following: +We appreciate you notifying us if you found a weak point in one of our systems as soon as possible so that we can take measures immediately to protect our customers and their data. -- Not performing tests on the main network. If testing is necessary, use the [Testnet or Devnet](https://xrpl.org/xrp-testnet-faucet.html). -- Not targeting physical security measures, or attempting to use social engineering, spam, distributed denial of service (DDOS) attacks, etc. -- Investigating bugs in a way that makes a reasonable, good faith effort not to be disruptive or harmful to the XRP Ledger and the broader ecosystem. +## How to report -### Responsible Disclosure +If you believe you found a security issue in one of our systems, please notify us as soon as possible by [send an email to bugs@xahau.network](mailto:bugs@xahau.network). -If you discover a vulnerability or potential threat, or if you _think_ -you have, please reach out by dropping an email using the contact -information below. +## Rules -Your report should include the following: +This responsible disclosure policy is not an open invitation to actively scan our network and applications for vulnerabilities. Our continuous monitoring will likely detect your scan and these will be investigated. -- Your contact information (typically, an email address); -- The description of the vulnerability; -- The attack scenario (if any); -- The steps to reproduce the vulnerability; -- Any other relevant details or artifacts, including code, scripts or patches. +### We ask you to: -In your mail, please describe of the issue or the potential threat; if possible, please include a "repro" (code that can reproduce the issue) or describe the best way to reproduce and replicate the issue. Please make your report as extensive as possible. +- Not share information about the security issue with others until the problem is resolved and to immediately delete any confidential data acquired +- Not further abuse the problem, for example, by downloading more data than is necessary in order to demonstrate the leak or to view, delete or amend the data of third parties +- Provide detailed information in order for us to reproduce, validate and resolve the problem as quickly as possible. Include your test data, timestamps and URL(s) of the system(s) involved +- Leave your contact details (e-mail address and/or phone number) so that we may contact you about the progress of the solution. We do accept anonymous reports +- Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties -For more information on responsible disclosure, please read this [Wikipedia article](https://en.wikipedia.org/wiki/Responsible_disclosure). +## Responsible Disclosure procedure(s) -## Report Handling Process +### When you report a security issue, we will act according to the following: -Please report the bug directly to us and limit further disclosure. If you want to prove that you knew the bug as of a given time, consider using a cryptographic precommitment: hash the content of your report and publish the hash on a medium of your choice (e.g. on Twitter or as a memo in a transaction) as "proof" that you had written the text at a given point in time. +- You will receive a confirmation of receipt from us within 4 working days after the report was made +- You will receive a response with the assessment of the security issue and an expected date of resolution within 4 working days after the confirmation of receipt was sent +- We will take no legal steps against you in relation to the report if you have kept to the conditions as set out above +- We will handle your report confidentially and we will not share your details with third parties without your permission, unless that is necessary in order to fulfil a legal obligation -Once we receive a report, we: +### This responsible disclosure scheme is not intended for: -1. Assign two people to independently evaluate the report; -2. Consider their recommendations; -3. If action is necessary, formulate a plan to address the issue; -4. Communicate privately with the reporter to explain our plan. -5. Prepare, test and release a version which fixes the issue; and -6. Announce the vulnerability publicly. +- Complaints +- Website unavailable reports +- Phishing reports +- Fraud reports -We will triage and respond to your disclosure within 24 hours. Beyond that, we will work to analyze the issue in more detail, formulate, develop and test a fix. +For these complaints or reports, please [contact our support team](mailto:bugs@xahau.network). -While we commit to responding with 24 hours of your initial report with our triage assessment, we cannot guarantee a response time for the remaining steps. We will communicate with you throughout this process, letting you know where we are and keeping you updated on the timeframe. +## Bug bounty program -## Bug Bounty Program +[Xahau](https://xahau.network) encourages the reporting of security issues or vulnerabilities. We may make an appropriate reward for confidential disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our users' data that was not yet known to us. We decide whether the report is eligible and the amount of the reward. -[Ripple](https://ripple.com) is generously sponsoring a bug bounty program for vulnerabilities in [`rippled`](https://github.com/ripple/rippled) (and other related projects, like [`ripple-lib`](https://github.com/ripple/ripple-lib)). +## Exclusions -This program allows us to recognize and reward individuals or groups that identify and report bugs. In summary, order to qualify for a bounty, the bug must be: +### The following type of security problems are excluded -1. **In scope**. Only bugs in software under the scope of the program qualify. Currently, that means `rippled` and `ripple-lib`. -2. **Relevant**. A security issue, posing a danger to user funds, privacy or the operation of the XRP Ledger. -3. **Original and previously unknown**. Bugs that are already known and discussed in public do not qualify. Previously reported bugs, even if publicly unknown, are not eligible. -4. **Specific**. We welcome general security advice or recommendations, but we cannot pay bounties for that. -5. **Fixable**. There has to be something we can do to permanently fix the problem. Note that bugs in other people’s software may still qualify in some cases. For example, if you find a bug in a library that we use which can compromises the security of software that is in scope and we can get it fixed, you may qualify for a bounty. -6. **Unused**. If you use the exploit to attack the XRP Ledger, you do not qualify for a bounty. If you report a vulnerability used in an ongoing or past attack and there is specific, concrete evidence that suggests you are the attacker we reserve the right not to pay a bounty. +- (D)DOS attacks +- Error messages or error pages without sensitive data +- Tests & sample data as publicly available in our repositories at Github +- Common issues like browser header warnings or DNS configuration, identified by vulnerability scans +- Vulnerability scan reports for software we publicly use +- Security issues related to outdated OS's, browsers or plugins +- Reports for security problems that we have been notified of before -The amount paid varies dramatically. Vulnerabilities that are harmless on their own, but could form part of a critical exploit will usually receive a bounty. Full-blown exploits can receive much higher bounties. Please don’t hold back partial vulnerabilities while trying to construct a full-blown exploit. We will pay a bounty to anyone who reports a complete chain of vulnerabilities even if they have reported each component of the exploit separately and those vulnerabilities have been fixed in the meantime. However, to qualify for a the full bounty, you must to have been the first to report each of the partial exploits. +Please note: Reports that are lacking any proof (such as screenshots or other data), detailed information or details on how to reproduce any unexpected result will be investigated but will not be eligible for any reward. -### Contacting Us - -To report a qualifying bug, please send a detailed report to: - -|Email Address|bugs@ripple.com | -|:-----------:|:----------------------------------------------------| -|Short Key ID | `0xC57929BE` | -|Long Key ID | `0xCD49A0AFC57929BE` | -|Fingerprint | `24E6 3B02 37E0 FA9C 5E96 8974 CD49 A0AF C579 29BE` | - -The full PGP key for this address, which is also available on several key servers (e.g. on [keys.gnupg.net](https://keys.gnupg.net)), is: -``` ------BEGIN PGP PUBLIC KEY BLOCK----- -mQINBFUwGHYBEAC0wpGpBPkd8W1UdQjg9+cEFzeIEJRaoZoeuJD8mofwI5Ejnjdt -kCpUYEDal0ygkKobu8SzOoATcDl18iCrScX39VpTm96vISFZMhmOryYCIp4QLJNN -4HKc2ZdBj6W4igNi6vj5Qo6JMyGpLY2mz4CZskbt0TNuUxWrGood+UrCzpY8x7/N -a93fcvNw+prgCr0rCH3hAPmAFfsOBbtGzNnmq7xf3jg5r4Z4sDiNIF1X1y53DAfV -rWDx49IKsuCEJfPMp1MnBSvDvLaQ2hKXs+cOpx1BCZgHn3skouEUxxgqbtTzBLt1 -xXpmuijsaltWngPnGO7mOAzbpZSdBm82/Emrk9bPMuD0QaLQjWr7HkTSUs6ZsKt4 -7CLPdWqxyY/QVw9UaxeHEtWGQGMIQGgVJGh1fjtUr5O1sC9z9jXcQ0HuIHnRCTls -GP7hklJmfH5V4SyAJQ06/hLuEhUJ7dn+BlqCsT0tLmYTgZYNzNcLHcqBFMEZHvHw -9GENMx/tDXgajKql4bJnzuTK0iGU/YepanANLd1JHECJ4jzTtmKOus9SOGlB2/l1 -0t0ADDYAS3eqOdOcUvo9ElSLCI5vSVHhShSte/n2FMWU+kMUboTUisEG8CgQnrng -g2CvvQvqDkeOtZeqMcC7HdiZS0q3LJUWtwA/ViwxrVlBDCxiTUXCotyBWwARAQAB -tDBSaXBwbGUgTGFicyBCdWcgQm91bnR5IFByb2dyYW0gPGJ1Z3NAcmlwcGxlLmNv -bT6JAjcEEwEKACEFAlUwGHYCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ -zUmgr8V5Kb6R0g//SwY/mVJY59k87iL26/KayauSoOcz7xjcST26l4ZHVVX85gOY -HYZl8k0+m8X3zxeYm9a3QAoAml8sfoaFRFQP8ynnefRrLUPaZ2MjbJ0SACMwZNef -T6o7Mi8LBAaiNZdYVyIfX1oM6YXtqYkuJdav6ZCyvVYqc9OvMJPY2ZzJYuI/ZtvQ -/lTndxCeg9ALNX/iezOLGdfMpf4HuIFVwcPPlwGi+HDlB9/bggDEHC8z434SXVFc -aQatXAPcDkjMUweU7y0CZtYEj00HITd4pSX6MqGiHrxlDZTqinCOPs1Ieqp7qufs -MzlM6irLGucxj1+wa16ieyYvEtGaPIsksUKkywx0O7cf8N2qKg+eIkUk6O0Uc6eO -CszizmiXIXy4O6OiLlVHGKkXHMSW9Nwe9GE95O8G9WR8OZCEuDv+mHPAutO+IjdP -PDAAUvy+3XnkceO+HGWRpVvJZfFP2YH4A33InFL5yqlJmSoR/yVingGLxk55bZDM -+HYGR3VeMb8Xj1rf/02qERsZyccMCFdAvKDbTwmvglyHdVLu5sPmktxbBYiemfyJ -qxMxmYXCc9S0hWrWZW7edktBa9NpE58z1mx+hRIrDNbS2sDHrib9PULYCySyVYcF -P+PWEe1CAS5jqkR2ker5td2/pHNnJIycynBEs7l6zbc9fu+nktFJz0q2B+GJAhwE -EAEKAAYFAlUwGaQACgkQ+tiY1qQ2QkjMFw//f2hNY3BPNe+1qbhzumMDCnbTnGif -kLuAGl9OKt81VHG1f6RnaGiLpR696+6Ja45KzH15cQ5JJl5Bgs1YkR/noTGX8IAD -c70eNwiFu8JXTaaeeJrsmFkF9Tueufb364risYkvPP8tNUD3InBFEZT3WN7JKwix -coD4/BwekUwOZVDd/uCFEyhlhZsROxdKNisNo3VtAq2s+3tIBAmTrriFUl0K+ZC5 -zgavcpnPN57zMtW9aK+VO3wXqAKYLYmtgxkVzSLUZt2M7JuwOaAdyuYWAneKZPCu -1AXkmyo+d84sd5mZaKOr5xArAFiNMWPUcZL4rkS1Fq4dKtGAqzzR7a7hWtA5o27T -6vynuxZ1n0PPh0er2O/zF4znIjm5RhTlfjp/VmhZdQfpulFEQ/dMxxGkQ9z5IYbX -mTlSDbCSb+FMsanRBJ7Drp5EmBIudVGY6SHI5Re1RQiEh7GoDfUMUwZO+TVDII5R -Ra7WyuimYleJgDo/+7HyfuIyGDaUCVj6pwVtYtYIdOI3tTw1R1Mr0V8yaNVnJghL -CHcEJQL+YHSmiMM3ySil3O6tm1By6lFz8bVe/rgG/5uklQrnjMR37jYboi1orCC4 -yeIoQeV0ItlxeTyBwYIV/o1DBNxDevTZvJabC93WiGLw2XFjpZ0q/9+zI2rJUZJh -qxmKP+D4e27lCI65Ag0EVTAYdgEQAMvttYNqeRNBRpSX8fk45WVIV8Fb21fWdwk6 -2SkZnJURbiC0LxQnOi7wrtii7DeFZtwM2kFHihS1VHekBnIKKZQSgGoKuFAQMGyu -a426H4ZsSmA9Ufd7kRbvdtEcp7/RTAanhrSL4lkBhaKJrXlxBJ27o3nd7/rh7r3a -OszbPY6DJ5bWClX3KooPTDl/RF2lHn+fweFk58UvuunHIyo4BWJUdilSXIjLun+P -Qaik4ZAsZVwNhdNz05d+vtai4AwbYoO7adboMLRkYaXSQwGytkm+fM6r7OpXHYuS -cR4zB/OK5hxCVEpWfiwN71N2NMvnEMaWd/9uhqxJzyvYgkVUXV9274TUe16pzXnW -ZLfmitjwc91e7mJBBfKNenDdhaLEIlDRwKTLj7k58f9srpMnyZFacntu5pUMNblB -cjXwWxz5ZaQikLnKYhIvrIEwtWPyjqOzNXNvYfZamve/LJ8HmWGCKao3QHoAIDvB -9XBxrDyTJDpxbog6Qu4SY8AdgVlan6c/PsLDc7EUegeYiNTzsOK+eq3G5/E92eIu -TsUXlciypFcRm1q8vLRr+HYYe2mJDo4GetB1zLkAFBcYJm/x9iJQbu0hn5NxJvZO -R0Y5nOJQdyi+muJzKYwhkuzaOlswzqVXkq/7+QCjg7QsycdcwDjiQh3OrsgXHrwl -M7gyafL9ABEBAAGJAh8EGAEKAAkFAlUwGHYCGwwACgkQzUmgr8V5Kb50BxAAhj9T -TwmNrgRldTHszj+Qc+v8RWqV6j+R+zc0cn5XlUa6XFaXI1OFFg71H4dhCPEiYeN0 -IrnocyMNvCol+eKIlPKbPTmoixjQ4udPTR1DC1Bx1MyW5FqOrsgBl5t0e1VwEViM -NspSStxu5Hsr6oWz2GD48lXZWJOgoL1RLs+uxjcyjySD/em2fOKASwchYmI+ezRv -plfhAFIMKTSCN2pgVTEOaaz13M0U+MoprThqF1LWzkGkkC7n/1V1f5tn83BWiagG -2N2Q4tHLfyouzMUKnX28kQ9sXfxwmYb2sA9FNIgxy+TdKU2ofLxivoWT8zS189z/ -Yj9fErmiMjns2FzEDX+bipAw55X4D/RsaFgC+2x2PDbxeQh6JalRA2Wjq32Ouubx -u+I4QhEDJIcVwt9x6LPDuos1F+M5QW0AiUhKrZJ17UrxOtaquh/nPUL9T3l2qPUn -1ChrZEEEhHO6vA8+jn0+cV9n5xEz30Str9iHnDQ5QyR5LyV4UBPgTdWyQzNVKA69 -KsSr9lbHEtQFRzGuBKwt6UlSFv9vPWWJkJit5XDKAlcKuGXj0J8OlltToocGElkF -+gEBZfoOWi/IBjRLrFW2cT3p36DTR5O1Ud/1DLnWRqgWNBLrbs2/KMKE6EnHttyD -7Tz8SQkuxltX/yBXMV3Ddy0t6nWV2SZEfuxJAQI= -=spg4 ------END PGP PUBLIC KEY BLOCK----- -``` +This policy is based on the National Cyber Security Centre’s Responsible Disclosure Guidelines and an [example by Floor Terra](https://responsibledisclosure.nl).