CalvinBackup/JGoyd
1
0
Fork 0
mirror of https://github.com/JGoyd/JGoyd.git synced 2026-06-28 21:49:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
cc32c2e8d2e49515b4d99fc0153e15e402365372
JGoyd/README.md
T
Joseph Goydish II 772b8b25d6 Update README.md
2026-05-21 13:19:10 -07:00

79 lines
4.1 KiB
Markdown
Raw Blame History

# Joseph R. Goydish II
Public-interest technical record, evidence preservation, and signed activity ledger.
This profile indexes public records, signed ledger entries, submissions, receipts, hashes, and supporting artifacts that can be checked independently. The strongest current anchors are two CNVD/CNCERT certificate exhibits naming `Joseph Goydish` as contributor for Apple vulnerability records, plus a five-CVE CISA/NVD rescore trail tied to public vulnrichment filings.
## Canonical Record
Browser landing page: [https://jgoyd.github.io/JGoyd/](https://jgoyd.github.io/JGoyd/)
Anchor index: [https://jgoyd.github.io/JGoyd/anchors/](https://jgoyd.github.io/JGoyd/anchors/)
GitHub's repository file view displays HTML source. Use the Pages links above for the rendered page.
## Public Anchors
| Anchor | What the record shows | Proof path |
| --- | --- | --- |
| CNVD/CNCERT certificates | Two Apple vulnerability certificate records name `Joseph Goydish` as contributor: CNVD-2025-06744 and CNVD-2025-07885 | [`anchors/`](./anchors/) |
| CISA/NVD rescore trail | Five Apple CVEs on public scoring-history trail: three CVSS 10.0 and two CVSS 9.8 | [`anchors/cisa-nvd-vulnrichment-rescore/`](./anchors/cisa-nvd-vulnrichment-rescore/) |
| CERT/CC chronology | VINCE case timing predates relevant Apple advisories in the public chronology | [`anchors/certcc-vince-chronology/`](./anchors/certcc-vince-chronology/) |
## Public Technical Anchors
| Record | Date | Contributor / filing | Public status |
| --- | ---: | --- | --- |
| CNVD-2025-06744, Apple iOS / iPadOS buffer overflow | 2025-03-18 | CNVD-YCGO-202503023656 names `Joseph Goydish` | CNVD/CNCERT certificate exhibit |
| CNVD-2025-07885, Apple memory reuse | 2025-04-22 | CNVD-YCGO-202504012519 names `Joseph Goydish` | CNVD/CNCERT certificate exhibit |
| CVE-2025-24085 | 2025-01-27 | `cisagov/vulnrichment#194` | CVSS 10.0 public rescore trail |
| CVE-2025-24201 | 2025-03-11 | `cisagov/vulnrichment#194` | CVSS 10.0 public rescore trail |
| CVE-2025-43300 | 2025-08-20 | `cisagov/vulnrichment#201` | CVSS 10.0 public rescore trail |
| CVE-2025-31200 | 2025-04-16 | `cisagov/vulnrichment#200` | CVSS 9.8 public rescore trail |
| CVE-2025-31201 | 2025-04-16 | `cisagov/vulnrichment#200` | CVSS 9.8 public rescore trail |
The record supports a narrow chronology: CERT/CC VINCE timing before relevant Apple advisories, followed later by public CISA/NVD scoring-history activity tied to public filings.
## Signed Ledger
The ledger is the public index, not the whole archive. It records:
| Evidence class | What it can establish |
| --- | --- |
| Public anchors | CNVD/CNCERT records, NVD/CISA records, public repositories, public advisories |
| Submission and receipt evidence | Agency intake, reference numbers, ticket IDs, e-signed receipts, DKIM-valid messages |
| Local integrity evidence | SHA-256 hashes, signed notes, detached signatures, archive references |
## Verify
```text
OpenPGP fingerprint: 4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11
GitHub account: https://github.com/JGoyd
Primary ledger: Running-Ledger repository
Identity attestation: ./canonical/identity-attestation.txt.asc
```
```bash
gpg --keyserver hkps://keys.openpgp.org --recv-keys 4A041F506D894F5EE391743864878B56A2EB2D11
gpg --fingerprint --keyid-format long 4A041F506D894F5EE391743864878B56A2EB2D11
# Run this from a checked-out copy of the Running-Ledger repository:
gpg --verify running-ledger.txt.asc running-ledger.txt
```
A good signature verifies authorship of the ledger file. Each underlying claim still has to be checked against its cited public record, receipt, header, reference number, or hash.
## Operating Line
- Public records are separated from submission receipts.
- Agency acknowledgement means receipt or intake, not adjudication.
- DKIM/e-signed messages establish provenance of a message or receipt, not the truth of every submitted allegation.
- Sensitive packet bodies, credentials, private keys, exploit code, and unpublished raw evidence are not published here.
## Contact
```text
Joseph R. Goydish II
Secure channel: esq.jg.legal@proton.me
PGP: 4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11
```
Reference in New Issue View Git Blame Copy Permalink