Skip to content
This repository has been archived by the owner on Oct 22, 2024. It is now read-only.

Latest commit

 

History

History
22 lines (16 loc) · 1.07 KB

AUDIT.md

File metadata and controls

22 lines (16 loc) · 1.07 KB

Audit

Audits are conducted to ensure the absence of severe or exploitable bugs. Pull Requests are generally merged into the master branch without audit. The audited tag is used to track the latest audited commit of the master branch. This means that audits need to happen in order of being merged.
This is an optimistic approach that lets us develop with greater speed, while requiring (possibly) large refactors in the failure case.

Audits can be deferred if the logic is gated by an experimental feature or marked as "Not Production Ready" within the first line of doc. Such changes should be queued manually before these warnings are removed.

General Guidelines for what to Audit

There is no single one-fits-all rule. Generally we should audit important logic that could immediately be used on production networks. If in doubt, ask in chat or in the Merge Request.

Requesting an Audit

  1. Add the PR to the project Security Audit (PRs) - SRLabs
  2. Set status to Backlog
  3. Assign priority, considering the universe of PRs currently in the backlog
  4. Add the component