Skip to content

Security related communications

Go back to main contact page


Please consult my general security policy and any project or org/project-specific policies (via its own SECURITY.md file) before proceeding here. Otherwise, you'll be ignored at best or blocked/muted and reported as spam at worst.

Looking for PGP and SSH keys?

If you're looking for my PGP and SSH keys I use in commits and connecting to machines and code forges over SSH, please visit this page.

Security questions

I am not a cybersecurity person or have expertise in cryptography, so sorry if I can't reply to you. I may redirect you to resources or give advice as my capacity allow.

Submitting security patches

If you also want to submit a security patch, which I appreciate your effort as a maintainer, please DO NOT mention about the vulnerability within the patch (unless via these methods below).

via email

Please send security patches at ~ajhalili2006/security@lists.sr.ht instead of the public inbox if you using email to submit patches. Access to the mailing list archives is limited to few trusted people alongside myself.

as confidential GitLab merge request

When submitting a security-sensitive patch in GitLab, don't forget to mark it as confidential merge request or request to access to security patches-only private fork. See GitLab Docs for details.

in GitHub private vulnerability reports

On projects with private vulnerability reporting enabled, after submitting your report, you can push your patches to a private fork specific to that report.

Notifying regarding data leaks

See also