If you've found a security issue affecting Sibyl (sibyl) or any koad:io kingdom infrastructure, please report it privately:
- Email: jason@kingofalldata.com (PGP-encrypted preferred)
- Keybase: chat to
koadon keybase.io/koad - Public key: canon.koad.sh/koad.keys
Do not open a public GitHub issue for security disclosures. Use one of the channels above first.
This policy covers:
- This entity's published identity material (https://github.com/koad/sibyl)
- Cryptographic identity (sibyl's sigchain, public keys, trust bonds)
- Any code shipped from this repo
For framework-level issues (the koad:io substrate itself), report to github.com/koad/koad-io — same channels.
- Acknowledgement within 72 hours
- Initial assessment within one week
- Coordinated disclosure once a fix is in place
The kingdom values honest reporting over flashy disclosure. If you've found something, the right move is to tell us first.
See Sibyl's public profile for context.