Security

My Keys

OpenPGP Key

My OpenPGP key is available for download here. Its fingerprint is 1642 C5C9 C092 F5AC 1FE9 2220 12C1 B5FF 5583 17E5.

Key Signing Policy

I do not publicly sign any keys but my own.

Code Signing

All of my git commits should be signed either with my own key or, in the case of merge commits, with GitHub’s key. All releases should be signed with my own key.

Keybase

I also use Keybase, which you can use to validate other parts of my identity.

Site Integrity

The GitHub Pages version of this site is built from this repository, where you can verify the latest commit signature.

Reporting Security Issues

To report security issues to me (e.g. a security bug in one of my open-source projects), contact me following the instructions below. I do not offer bug bounties, but I happily accept bug reports.

This site has a security.txt file that complies with the security.txt draft RFC. The file describes how to report security issues with this site.

See my vulnerability disclosure policy for details on my policies and for safe-harbor protections.

Contact

To contact me securely, email me using the contact link at the bottom of the page. Encrypt your email for my OpenPGP Key using OpenPGP.

Alternatively, you can contact me over Keybase.

If you prefer another method of contact, feel free to suggest it, but please use one of the above methods for first contact.