If you discover a security vulnerability, please report it responsibly:

1. Do not open a public GitHub issue
2. Email the maintainer or use GitHub's private vulnerability reporting

All release binaries are:

• Built from source via GitHub Actions (fully reproducible)
• Signed via SignPath.io for code integrity
• Available alongside source code for independent verification