website/markdown/contact/security.md

# Security related communications

[Go back to main contact page](./index.md){ .md-button }

---

Please consult [my general security policy](../security.md) and any project
or org/project-specific policies (via its own `SECURITY.md` file) before proceeding here.
Otherwise, you'll be ignored at best or blocked/muted and reported as spam at worst.

## Looking for PGP and SSH keys?

If you're looking for my PGP and SSH keys I use in commits and connecting to machines and code forges
over SSH, please [visit this page](../keys/index.md).

## Security questions

I am not a cybersecurity person or have expertise in cryptography, so sorry if I can't reply to you.
I may redirect you to resources or give advice as my capacity allow.

## Submitting security patches

If you also want to submit a security patch, which I appreciate your effort as a maintainer, please DO NOT mention about the vulnerability
within the patch (unless via these methods below).

### via email

Please send security patches at [`~ajhalili2006/security@lists.sr.ht`](mailto:~ajhalili2006/security@lists.sr.ht)
instead of the public inbox if you using email to submit patches. Access to the mailing list
archives is limited to few trusted people alongside myself.

### as confidential GitLab merge request

When submitting a security-sensitive patch in GitLab, don't forget to mark it as
confidential merge request or request to access to security patches-only private fork.
[See GitLab Docs for details](https://docs.gitlab.com/ee/user/project/merge_requests/confidential.html).

### in GitHub private vulnerability reports

On projects with private vulnerability reporting enabled, after submitting your report,
you can push your patches to a private fork specific to that report.

## Notifying regarding data leaks



## See also

* [Encrypted Communications](../user-manual/encrypted-communications.md) for additional guidance
regarding using PGP and EE2E chat over Matrix