This repository accepts security reports for:
- Python package runtime and verification CLI (src/zpe_taste/).
- Packaging and release metadata (pyproject.toml, CITATION.cff, REPRODUCIBILITY.md, .zenodo.json).
- CI and release pipeline configuration.
Scientific disagreements about the repository's negative finding are not security issues. Route those through the public issue tracker using the evidence-dispute path.
Please report vulnerabilities privately to architects@zer0pa.ai with:
- A clear impact summary.
- Reproduction steps or proof-of-concept.
- Affected versions or commit ranges.
- Suggested remediation when available.
Do not open a public issue for a security vulnerability.
- Initial acknowledgement: within 5 business days.
- Triage and severity classification: within 10 business days.
- Remediation timeline: shared post-triage.
Public disclosure should be coordinated after a fix is available.