We at PkgForge take security very seriously.
If you have found a valid vulnerability in our code, workflows or the SBUILDs, please report it at your earliest convenience.
Please use one of the following channels to report it to us:
- Create an Issue (Use this option only if public reporting will NOT compromise our current security posture)
- Contact Us (Select this method if public disclosure could negatively impact our security posture)
- Reach out to the Team Members (Opt for this if you require the most private and confidential communication channel)

- We assess vulnerabilities using the CVSS framework.
- High/critical vulnerabilities are addressed within 24 hours of being reported.
Warning
As a FOSS project that is entirely self-funded, we are unable to offer monetary rewards or bounties.
However, we will credit your contribution in any code fixes or patches arising from your report.