The critical nature of Responsible Disclosure when it comes to private communications in the public network space can not be underestimated. Some people's lives depend on their interactions being kept secret. On a grander scale than the individual level, entire countries can rely on the security and integrity of people who maintain projects like these. Please be swift in reporting and disclosing vulnerabilities.

We will try to aim for a 90-day turnaround on responsibly disclosed vulnerabilities. If we have not updated the repository in 90 days from the report, it is essential to report the vulnerability on the GitHub Issues so that others know that they can no longer trust this repository to protect their security effectively.

We aim for the highest possible level of security without sacrificing on the works by default logic of how software releases should be shipped. We assume that if the guard could be broken between now and the time you've passed away that it's not sufficient for our designs.