1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
# Reporting security bugs
Here are some security-related information for Libravatar.org and the
Libravatar protocol.
## Bugs in the Libravatar.org service
There are two ways to report security bugs in the Libravatar service:
1. [File a bug on the tracker](https://bugs.launchpad.net/libravatar/+filebug) with a "Private Security" visibility.
2. Email Francois Marier at `security@libravatar.org`
## Bugs in the Libravatar protocol
For bugs in the Libravatar federated protocol itself, please email `security@libravatar.org`.
## Bugs in third-party libraries
If you find a bug in a [third-party library](http://wiki.libravatar.org/libraries/),
please email its author directly, but feel free to CC `security@libravatar.org`.
# Acknowledgment
If you email `security@libravatar.org`, we will do our best to acknowledge your
email within 48 hours. If you haven't heard from us, please try again or ping
us through [another channel](http://wiki.libravatar.org/talk_to_us/).
# Disclosure policy
It is of course up to you whether or not you publicize the security
vulnerability you have discovered, but we do ask that you please give us a
bit of time to deploy a fix before you discuss your findings publicly.
|