All Things Linux

At All Things Linux, we are committed to maintaining the highest security standards to protect our community and infrastructure. We deeply value the security research community and actively encourage responsible disclosure of security vulnerabilities. Your contributions help us ensure the safety, privacy, and integrity of our platforms and services.

We believe in transparency and collaboration when it comes to security. Our team is dedicated to investigating all reported issues promptly and working with researchers to address vulnerabilities in a timely and responsible manner.

Scope

This security policy applies to all All Things Linux services, including but not limited to:

All our domains including their subdomains:
- allthingslinux.com
- allthingslinux.dev
- allthingslinux.org
- atl.chat
- atl.dev
- atl.moe
- atl.network
- atl.rip
- atl.services
- atl.sh
- atl.tools
- atl.wiki
Discord bot services and integrations
API endpoints and backend services
Community platforms and forums

We are interested in any vulnerability that could lead to unauthorized access, data breaches, or service disruptions. We welcome any reports of potential security issues outside of this scope but we may not be able to address them immediately.

How to Report a Security Issue

If you have discovered a security vulnerability, please help us keep our community safe by reporting it responsibly. When reporting, please include:

A clear description of the vulnerability and its potential impact
Detailed steps to reproduce the issue
Information about the environment where you discovered the issue
Any proof-of-concept code or evidence (if applicable)
Any recommendations or patches you may have for resolving the issue

~/Contact Information

security@allthingslinux.org

PGP Key: allthingslinux.org/security@allthingslinux.org-pubkey.asc

Alternatively, you may open a ticket in our Discord server at discord.gg/linux and request assistance from our systems team. Please do not disclose vulnerability details in the ticket unless requested by an administrator or a member of the systems team.

Responsible Disclosure Guidelines

We ask that you:

Do not make use of any vulnerabilities without explicit permission to do so
Do not access, copy, or destroy data in any capacity
Do not disrupt our services or degrade the performance of our services
Keep vulnerability details confidential until we have addressed the issue
Give us reasonable time to investigate and resolve the issue

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will ensure it is known that your actions were conducted in compliance with this policy.

~/Recognition

We appreciate security researchers who help keep our community safe. If you would like to be acknowledged for your responsible disclosure, please let us know in your report and we'll be happy to recognize your contribution publicly.