Security fixes ship on the default branch (master). Where supply-chain control matters, consume this repository by pinning a commit or a fork rather than blindly tracking master.

Email Garret Patten at garret.patten@proton.me with:
- Brief description of impact and suspected component (script path, downloader, APT source, submodule).
- Whether you believe it is remotely exploitable and any proof-of-concept you can safely share.

You should receive an acknowledgement of receipt; substantive updates follow remediation progress. If a finding is declined, the reasoning will be given.

Out of scope:
- Social engineering against maintainers or users.
- Physical access or already-compromised hosts.
- Theoretical attacks without a plausible path through this repo’s unattended automation (document gaps as issues instead).