# Security related communications [Go back to main contact page](./index.md){ .md-button } --- Please consult [my general security policy](../security.md) and any project or org/project-specific policies (via its own `SECURITY.md` file) before proceeding here. Otherwise, you'll be ignored at best or blocked/muted and reported as spam at worst. ## Looking for PGP and SSH keys? If you're looking for my PGP and SSH keys I use in commits and connecting to machines and code forges over SSH, please [visit this page](../keys/index.md). ## Security questions I am not a cybersecurity person or have expertise in cryptography, so sorry if I can't reply to you. I may redirect you to resources or give advice as my capacity allow. ## Submitting security patches If you also want to submit a security patch, which I appreciate your effort as a maintainer, please DO NOT mention about the vulnerability within the patch (unless via these methods below). ### via email Please send security patches at [`~ajhalili2006/security@lists.sr.ht`](mailto:~ajhalili2006/security@lists.sr.ht) instead of the public inbox if you using email to submit patches. Access to the mailing list archives is limited to few trusted people alongside myself. ### as confidential GitLab merge request When submitting a security-sensitive patch in GitLab, don't forget to mark it as confidential merge request or request to access to security patches-only private fork. [See GitLab Docs for details](https://docs.gitlab.com/ee/user/project/merge_requests/confidential.html). ### in GitHub private vulnerability reports On projects with private vulnerability reporting enabled, after submitting your report, you can push your patches to a private fork specific to that report. ## Notifying regarding data leaks ## See also * [Encrypted Communications](../user-manual/encrypted-communications.md) for additional guidance regarding using PGP and EE2E chat over Matrix