Shipwright encourages all users and contributors to report potential security vulnerabilities to the project maintainers. If you think you have found a security flaw related to Shipwright's code, please send a report to shipwright-security@lists.shipwright.io. Encryption using GPG is NOT required to make a disclosure.