Security related resources and information.
To report issues in a responsible manner, please send to "security" on domain "joystream.org", and encrypt the message, this is however not a support channel.
The following GPG keys may be used to communicate sensitive information to relevant developers, in particular concerning the runtime and blockchain, but also other critical infrastructure and applications. These recipients will relay the message securely to whomever is the maintainer at any given time.
You can import a key by running the following command with that individual’s fingerprint:
gpg --keyserver hkps://keys.openpgp.org --recv-keys "<fingerprint>"Ensure that you put quotes around fingerprints containing spaces.
Two runtime audits have been conducted so far