Security Reporting
How to report security issues related to signing infrastructure or artifact integrity.
Reporting a Security Issue
To report a suspected compromise of signing keys, suspicious artifact behavior, or any trust-related security concern, please contact:
- Email: security@patterneddesigns.ca
- Subject:
[SECURITY] Trust Infrastructure
We aim to acknowledge reports within 72 hours and provide a substantive response within 7 days.
Reports are treated confidentially. We will not share identifying information without your consent.
What to include in your report
- The key name or fingerprint you believe was compromised (see the Keys page)
- The artifact URL or reference showing unexpected behavior
- A description of the observed concern and any reproduction steps
- Your preferred contact information for follow-up
If you believe a signing key has been compromised, reference the emergency rotation policy: Emergency Rotation Policy v1