<p>First of all: if you're reading this, I'd like to <strong>thank you</strong> 🙏 for your interest in submitting a security report regarding any aspects of my mini-hosting service for non-profits and poor organisations!</p> <p>I'm not really fussy in the way you contact me — the best way is simply to email me at <a href="mailto:gwyneth.llewelyn@gwynethllewelyn.net" class="mailto">gwyneth.llewelyn@gwynethllewelyn.net</a> (or optionally <a href="mailto:webmistress@gwynethllewelyn.net" class="mailto">webmistress@gwynethllewelyn.net</a>, if the first bounces emails), or, naturally enough, on any of the emails listed on the <a href="https://autonomy.gwynethllewelyn.net/.well-known/security.txt" target="_blank" rel="nofollow noopener noreferrer" class="external-link no-image">security.txt</a> file.</p> <p>I would just ask you to send the email encrypted with OpenPGP, using my key, which can be retrieved from several public sources with the fingerprint <code>CE8A6006B611850F127572BAD93EAA3DC4B3E1CB</code>.</p> <p>For encrypted instant messaging, I'm fond of using <a href="https://keybase.io/gwynethllewelyn" target="_blank" rel="nofollow noopener noreferrer" class="external-link no-image">Keybase</a>. You can check the ownership of this site you're viewing right now by retrieving their signed claim on the usual location: https://autonomy.gwynethllewelyn.net/keybase.txt</p> <p>Again: thank you very much for the time you spent discovering those security flaws and reaching me with your report. It's duly appreciated, and I will do my best to fix everything accordingly!</p> <p>Cheers 🙂👋</p>