Please report security vulnerabilities privately, never in a public issue.
Use GitHub's "Report a vulnerability" button under the repository's Security tab (Security advisories → Report a vulnerability). This opens a private channel with the maintainers.
When reporting, include:
- the affected version (`podup --version`) and platform,
- a description of the issue and its impact,
- and, where possible, a minimal reproduction.
- We aim to acknowledge a report within 5 business days.
- We will keep you informed of progress and coordinate a disclosure timeline with you once the issue is confirmed.
- Fixes ship as a new patch release; the advisory is published once users have had a reasonable window to update.
This policy covers the podup binary and library in this repository. Issues in Podman itself should be reported to the Podman project.