- In a community project listed here: report it to that project's maintainer (see its INDEX entry). For in-tree code, open a private report via GitHub's "Report a vulnerability" on this repo.
- In the DACS specification itself: follow DACS-Standard's security policy.
Community submissions are reviewed for fit and honesty of claims — not audited. Inclusion in this repo, including canonical designation, is not a security assurance. Treat community code that handles keys or moves value with the scrutiny you would apply to any third-party dependency.