It is difficult to underestimate the essential importance of Responsible Disclosure when it comes to private communications within the public network area. The lives of some people rely on keeping their experiences secret. On a larger scale than the individual level, entire countries will depend on the protection and dignity of people who manage these projects. Please be prompt in documentation and vulnerability disclosures.

We'll seek to reach a 90-day turnaround on vulnerabilities that have been reported responsibly. When we haven't updated the repository in 90 days from the audit, disclosing the vulnerability on the GitHub Issues is necessary so others know they can no longer trust this repository to effectively protect their security.

By default rationale on how software releases should be delivered, we aim for the highest possible level on protection without compromising on the works. Unless the guard may be removed between now and the time you passed away, we believe that this is not enough for our designs.