If you find a security issue with Mutagen, please DO NOT submit it via the issue tracker! Instead, please follow responsible disclosure practices and send information about security issues directly to firstname.lastname@example.org so that a proper assessment can be made and a fix prepared before a wide announcement. You will receive an acknowledgement within 24 hours. If you do not, please contact the project maintainer directly at email@example.com.
Even in cases where you have limited or incomplete information, or you're not sure whether or not a problem constitutes a security issue, please make contact as soon as possible. We can work together to investigate, debug, and assess.
You may also direct questions, feedback, or suggestions about Mutagen's security policy to the same email addresses.
Your help is greatly appreciated in keeping Mutagen secure!