Please report security issues by emailing firstname.lastname@example.org
Most normal bugs can be reported by opening a GitHub issue, but due to the sensitive nature of security issues, we ask that they not be publicly reported in this fashion.
Instead, if you believe you’ve found something that has security implications, please send a description of the issue via email to email@example.com.
Mail sent to firstname.lastname@example.org can be encrypted with our PGP public key
Once you’ve submitted an issue via email, you should receive an acknowledgment from us, and depending on the action to be taken, you may receive further followup emails.
Inspired by and freely adapted from Django’s security policies.