Thank you for taking the time to consider the security of other people! If you've found a security vulnerability with any of my infrastructure, I'd greatly appreciate an email. If the vulnerability is sensitive enough, please consider encrypting the contents with my public key.
For additional confidence that key is controlled by me, I encourage you to check the proofs I've published on Keybase.
As soon as I receive any reports, I'll respond as soon as possible then begin confirming it myself. Once I've addressed the issue I'll publish both an acknowledgement on this page and write a post on addressing the vulnerability. You're welcome (and I encourage you) to publish your analysis and I will happily link to it in both places.
Alternatively, if one the configs I've published on my site has a flaw I'd love to hear about that as well and will also give you an acknowledgement here and on the page with the effected config.
Currently, I haven't received any security reports. Thanks for your consideration