# Security Policy

This project makes heavy use of `eval` and similar concepts.

Queries are not meant to come from untrusted sources. My advice is to never run
this as an online service.

## Supported Versions

Only the latest release is supported. I will not backport fixes.

## Reporting a Vulnerability

For vulnerabilities that do not require a compromised user account:

contact me at tiposchi@tiscali.it

My PGP key is on this file, on git.
debian/upstream/signing-key.asc