If you think you've found a serious or potential security bug that you
don't want to report on a public mailing list, then send email to both
<rjones@redhat.com> and <eblake@redhat.com>.

Make it clear in the email Subject line that it's a serious or
security-related bug in nbdkit.

You can also sign and/or encrypt messages using our GPG public keys
available on the usual keyservers, or online here:
https://download.libguestfs.org/libguestfs.keyring

For information about past security issues, see
docs/nbdkit-security.pod, or the nbdkit-security(1) man page if you
have installed nbdkit, also available online here:
http://libguestfs.org/nbdkit-security.1.html