forked from cerc-io/ipld-eth-server
26 lines
1.1 KiB
Plaintext
26 lines
1.1 KiB
Plaintext
IPFS Alpha Security Notes
|
|
|
|
We try hard to ensure our system is safe and robust, but all software
|
|
has bugs, especially new software. This distribution is meant to be an
|
|
alpha preview, don't use it for anything mission critical.
|
|
|
|
Please note the following:
|
|
|
|
- This is alpha software and has not been audited. It is our goal
|
|
to conduct a proper security audit once we close in on a 1.0 release.
|
|
|
|
- ipfs is a networked program, and may have serious undiscovered
|
|
vulnerabilities. It is written in Go, and we do not execute any
|
|
user provided data. But please point any problems out to us in a
|
|
github issue, or email security@ipfs.io privately.
|
|
|
|
- security@ipfs.io GPG key:
|
|
- 4B9665FB 92636D17 7C7A86D3 50AAE8A9 59B13AF3
|
|
- https://pgp.mit.edu/pks/lookup?op=get&search=0x50AAE8A959B13AF3
|
|
|
|
- ipfs uses encryption for all communication, but it's NOT PROVEN SECURE
|
|
YET! It may be totally broken. For now, the code is included to make
|
|
sure we benchmark our operations with encryption in mind. In the future,
|
|
there will be an "unsafe" mode for high performance intranet apps.
|
|
If this is a blocking feature for you, please contact us.
|