From 973608d634f08fcc7fd063b3ecec8d10fa02fcd9 Mon Sep 17 00:00:00 2001 From: Romain Ruetschi Date: Tue, 17 Dec 2024 10:56:40 +0100 Subject: [PATCH 1/2] chore(code): Use TCP by default (#688) --- code/config.toml | 4 ++-- code/crates/test/cli/src/cmd/testnet.rs | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/code/config.toml b/code/config.toml index 94404a05b..c7b3bea76 100644 --- a/code/config.toml +++ b/code/config.toml @@ -91,7 +91,7 @@ persistent_peers = [] # - "tcp": TCP + Noise # - "quic": QUIC # Override with MALACHITE__CONSENSUS__P2P__TRANSPORT env variable -transport = "quic" +transport = "tcp" # Enable the discovery protocol to find more peers # Override with MALACHITE__CONSENSUS__P2P__DISCOVERY__ENABLED env variable @@ -160,7 +160,7 @@ persistent_peers = [] # Valid values: # - "tcp": TCP + Noise # - "quic": QUIC -transport = "quic" +transport = "tcp" # These have no effects on the mempool yet pubsub_max_size = "4 MiB" diff --git a/code/crates/test/cli/src/cmd/testnet.rs b/code/crates/test/cli/src/cmd/testnet.rs index b974e4b12..0b8513ce4 100644 --- a/code/crates/test/cli/src/cmd/testnet.rs +++ b/code/crates/test/cli/src/cmd/testnet.rs @@ -97,9 +97,9 @@ pub struct TestnetCmd { /// The transport protocol to use for P2P communication /// Possible values: - /// - "quic": QUIC (default) - /// - "tcp": TCP + Noise - #[clap(short, long, default_value = "quic", verbatim_doc_comment)] + /// - "tcp": TCP + Noise (default) + /// - "quic": QUIC + #[clap(short, long, default_value = "tcp", verbatim_doc_comment)] pub transport: TransportProtocol, } From d3fb8647c223f7b91f6f61aab32eee0870cd293c Mon Sep 17 00:00:00 2001 From: Adi Seredinschi Date: Tue, 17 Dec 2024 12:19:59 +0100 Subject: [PATCH 2/2] chore(docs): Added Security and Contributing guidelines (#689) * added security.md * added contrib doc * nit * Update CONTRIBUTING.md Co-authored-by: Romain Ruetschi --------- Co-authored-by: Romain Ruetschi --- CONTRIBUTING.md | 53 +++++++++++++++++++++++++++++++++++++++++++++++++ SECURITY.md | 27 +++++++++++++++++++++++++ 2 files changed, 80 insertions(+) create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 000000000..61881b6e4 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,53 @@ +# Contributing to Malachite + +First, thank you for your interest in improving Malachite! + +There are multiple opportunities to contribute at any level. It doesn't matter if you are just getting started with Rust or are the most weathered expert, we can use your help. + +No contribution is too small and all contributions are valued. + +This document will help you get started. Do not let the document intimidate you. It should be considered as a guide to help you navigate the process. + +**The [Telegram group][tg] is available for any concerns you may have that are not covered in this guide.** + +If you contribute to this project, your contributions will be made to the project under Apache 2.0 license. + +## Code of Conduct + +### Contact: conduct@informal.systems + +The Malachite project adheres to the [Rust Code of Conduct][rust-coc]. This code of conduct describes the minimum behavior expected from all contributors. + +Violations of this Code of Conduct can be reported by contacting the team at `conduct@informal.systems`. + +## Ways to contribute + +There are three ways you can contribute to Malachite: + +1. **By opening an issue:** For example, if you believe that you have uncovered a bug + in Malachite, creating a new issue in the issue tracker is the way to report it. +2. **By adding context:** Providing additional context to existing issues, + such as screenshots and code snippets to help resolve issues. +3. **By resolving issues:** Typically this is done in the form of either + demonstrating that the issue reported is not a problem after all, or more often, + by opening a pull request that fixes the underlying problem, in a concrete and + reviewable manner. + +**Anybody can participate in any stage of contribution**. We urge you to participate in the discussion around bugs and +participate in reviewing PRs. + +### Contributions Related to Spelling and Grammar + +At this time, we will not be accepting contributions that only fix spelling or grammatical errors in documentation, code or +elsewhere. + +### Getting Help + +If you have reviewed existing documentation and still have questions, or you are having problems, you can get help by *opening a discussion*. This repository comes with a discussion board where we welcome everyone to ask and offer help. Click the "Discussions" tab at the top of the repo. + + +_Adapted from the CometBFT and Reth contributing guides._ + + +[rust-coc]: https://www.rust-lang.org/en-US/conduct.html +[tg]: https://t.me/MalachiteLibrary \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..3622d9448 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,27 @@ +# How to Report a Security Bug in Malachite + +Please **DO NOT** file a public issue in this repository to report a security +vulnerability. + +If you believe you have found a security vulnerability in Malachite, +you can report it via our primary vulnerability disclosure channel, the +email address `security@informal.systems`. Please enclose with your +report the issue details, reproduction, impact, and other +information. Please submit only one unique email thread per vulnerability. + +There is no bounty reward system in place for Malachite yet. + +Artifacts from an email report are saved at the time the email is triaged. +Please note: our team is not able to monitor dynamic content (e.g., a Google Docs +link that is edited after receipt) throughout the lifecycle of a report. If you +would like to share additional information or modify previous information, +please include it in an additional reply as an additional attachment. Thank you +for understanding. + +## Coordinated Vulnerability Disclosure Policy and Safe Harbor + +For the most up-to-date version of the policies that govern our approach to +vulnerability disclosure, please consult +the [Gold Standard Safe Harbor Statement][h1-statement]. + +[h1-statement]: https://docs.hackerone.com/en/articles/8494525-gold-standard-safe-harbor-statement \ No newline at end of file