Security: SareProject/sare

SECURITY.md

SARE Security Policy

Reporting a Security Vulnerability

If you discover a security vulnerability in SARE, please follow responsible disclosure practices:

  1. Email: Send a detailed report to zolagonano@protonmail.com.
    Optionally, you can encrypt your report using our PGP key: F22EB734505C76E59AFC95C4B4A4AEFDAFF48132.

  2. GitHub Security Advisory: You can also use SARE's security advisory reporting tool provided by GitHub to report security issues: https://github.com/SareProject/sare/security/advisories

Please do not disclose security vulnerabilities publicly or in GitHub issues until a fix has been released. Responsible disclosure helps protect all users.


Supported Versions

SARE supports the latest stable release and the previous release. Security patches will be backported to these versions where possible.


Responsible Disclosure

  • Allow reasonable time for the SARE team to fix the issue before publicly disclosing it.
  • Avoid distributing exploits or publishing the vulnerability before a fix is released.
  • Reporters may be acknowledged in release notes unless they request anonymity.

Security Best Practices for Users

  • Verify SARE binaries or builds using official signatures.
  • Keep SARE and dependencies up to date.
  • Never share private keys or sensitive files publicly.
  • Use strong, unique passphrases for encrypted keys.

Reporting Other Concerns

For general bug reports or feature requests, use the GitHub Issues page.
