Security policy

Learn how to responsibly report a security issue.

Supported Versions

We have a 3-month release cycle, and the last two versions are supported.

Reporting a Vulnerability

To report security issues, send an email to rusty at rustcorp.com.au, or security at blockstream.com (not for support).

Signatures For Releases

The following keys may be used to communicate sensitive information to
developers, and to validate signatures on releases:

| Name | Fingerprint |
| --- | --- |
| Rusty Russell | 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 |
| Christian Decker | B731 AAC5 21B0 1385 9313 F674 A26D 6D9F E088 ED58 |
| Lisa Neigut | 30DE 693A E0DE 9E37 B3E7 EB6B BFF0 F678 10C1 EED1 |
| Alex Myers | 0437 4E42 789B BBA9 462E 4767 F3BF 63F2 7474 36AB |

You can import a key by running the following command with that individual’s fingerprint: gpg --keyserver hkps://keys.openpgp.org --recv-keys "<fingerprint>". Ensure that you put quotes around fingerprints containing spaces.
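
A valid signature only proves that some key in your keyring signed the file, so a release check should also confirm that the signer is one of the fingerprints listed on this page. The script below is an added example, not part of the project's own tooling: the function names are hypothetical, the status lines are constructed samples of `gpg --status-fd` output, and `<signature-file>` and `<signed-file>` are placeholders.

```shell
#!/bin/sh
# Fingerprints exactly as listed in the table on this page, one per line.
TRUSTED_FPRS='15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1
B731 AAC5 21B0 1385 9313 F674 A26D 6D9F E088 ED58
30DE 693A E0DE 9E37 B3E7 EB6B BFF0 F678 10C1 EED1
0437 4E42 789B BBA9 462E 4767 F3BF 63F2 7474 36AB'

# Strip whitespace and upper-case: the 40-hex-digit form gpg prints.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Succeed only if $1 is a full, well-formed fingerprint on the list above.
# Short key IDs (for example the last 8 hex digits) are rejected on purpose.
is_trusted_fpr() {
    want=$(normalize_fpr "$1")
    case "$want" in *[!0-9A-F]*) return 1 ;; esac
    [ "${#want}" -eq 40 ] || return 1
    while IFS= read -r line; do
        if [ "$(normalize_fpr "$line")" = "$want" ]; then return 0; fi
    done <<EOF
$TRUSTED_FPRS
EOF
    return 1
}

# Read gpg status output on stdin and print the primary key fingerprint of
# the first valid signature (the last VALIDSIG field; falls back to the
# signing key fingerprint if the primary one is absent).
signer_from_status() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print (NF >= 12 ? $12 : $3); exit }'
}

# Usage against a real download (placeholders, not project file names):
#   gpg --status-fd 1 --verify <signature-file> <signed-file> 2>/dev/null | check_release_signer
check_release_signer() {
    signer=$(signer_from_status)
    [ -n "$signer" ] && is_trusted_fpr "$signer"
}

# Constructed sample status output (dates and algorithm fields are made up).
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] VALIDSIG 15EE8D6CAB0E7F0CF999BFCBD9200E6CD1ADB8F1 2024-01-01 1704067200 0 4 0 1 8 00 15EE8D6CAB0E7F0CF999BFCBD9200E6CD1ADB8F1'
SAMPLE_OTHER='[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2024-01-01 1704067200 0 4 0 1 8 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
```

`check_release_signer` exits non-zero when no valid signature is present or when the signer is not on the list, so it can gate an install script directly.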