From @geebotron on Tue May 10 2016 16:30:20 GMT+0000 (UTC)
Iām interested in your security policy.
On this page you request serious security vulnerabilities in IPFS be reported privately and not made public. This is in contrast to, say, the OpenBSD security policy which encourages full public disclosure.
Iām interested to know how you think your policy improves the security of someone who hosts a āliveā IPFS node, given that any vulnerability you have been made aware of, may also have been circulated among other āorganizationsā?
Copied from original issue: https://github.com/ipfs/faq/issues/118