Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Contact Email to Validator Descrition #4814

Closed
4 tasks
rigelrozanski opened this issue Jul 30, 2019 · 3 comments · Fixed by #4865
Closed
4 tasks

Security Contact Email to Validator Descrition #4814

rigelrozanski opened this issue Jul 30, 2019 · 3 comments · Fixed by #4865
Assignees
@rigelrozanski
Milestone
v0.38.0

Comments

@rigelrozanski
Copy link
Contributor

Summary

Problem Definition

Proposal

For Admin Use

  • Not duplicate issue
  • Appropriate labels applied
  • Appropriate contributors tagged
  • Contributor assigned/self-assigned
@rigelrozanski rigelrozanski added this to the v0.37.0 milestone Jul 30, 2019
@rigelrozanski rigelrozanski self-assigned this Jul 30, 2019
@AdityaSripal
Copy link
Member

why would this need to be stored in appstate? could just be on validator's website

@jessysaurusrex
Copy link
Contributor

@AdityaSripal As part of our incident retrospective from May, we realized that we needed a direct line of communication with validators for coordination, and a way to gather reliable contact information to quickly coordinate response to security incidents that impact the Cosmos hub and our network operators.

Given that we'd like to be able to pre-notify validators that they should be ready to patch when a fix for a high or critical severity issue surfaces, it's simpler for us to query for a parameter on the network when needed versus dig through ~100+ different websites or try to require us to maintain a spreadsheet of ever-changing contact info. Plus, by filling out the field, we have a clear sign from our network operators that serves as an opt-in to vulnerability coordination with a security@[validator.domain] email address.

@AdityaSripal
Copy link
Member

ok thanks for the explanation 👍

@rigelrozanski rigelrozanski mentioned this issue Aug 7, 2019
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rigelrozanski rigelrozanski

Labels
None yet
Projects
None yet
Milestone
v0.38.0
Development

Successfully merging a pull request may close this issue.

R4R Add security contact to Validator description cosmos/cosmos-sdk
3 participants
@jessysaurusrex @AdityaSripal @rigelrozanski