If you wish to contact us in private you can do so via the
following addresses. Note that we use
-[GnuPG](http://www.gnupg.org/), our emails are (almost) always
+[GnuPG](https://www.gnupg.org/), our emails are (almost) always
signed. This will also allow you to send us encrypted emails.
- Guus Sliepen <guus@tinc-vpn.org>
### On IRC
-There is a channel on the [FreeNode](http://www.freenode.net/) and
-[OFTC](http://www.oftc.net/) IRC networks. Connect to
+There is a channel on the [FreeNode](https://www.freenode.net/) and
+[OFTC](https://www.oftc.net/) IRC networks. Connect to
[irc.freenode.net](irc://irc.freenode.net/#tinc)
or [irc.oftc.net](irc://irc.oftc.net/#tinc) and join channel `#tinc`.
We are logged in most of the time, but may not be active. If you
and wait. If you cannot stay on IRC and really want to ask a
question, please do so via email, see above.
A history of the channel is available on request.
+
+### Reporting security issues
+
+In case you have found a security issue in tinc, please report it via email
+to Guus Sliepen <guus@tinc-vpn.org>, preferrably PGP encrypted.
+We will then try to get a CVE number assigned, and coordinate a bugfix release with major Linux distributions.