This document covers security for the Debian package builder repository. For application security, see the main application repository.

| Version | Supported |
|---|---|
| 1.2.x | ✅ |
| 1.1.x | ✅ |
| < 1.1 | ❌ |

Do NOT open a public GitHub issue for security vulnerabilities.

To report a security vulnerability:
- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Provide detailed information about the vulnerability:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

Response timeline:
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution Target: Within 30 days (depending on severity)

All packages uploaded to the Launchpad PPA are GPG signed:
- Source packages are signed with the maintainer's GPG key
- Use 4096-bit RSA keys
- Upload the key to keyserver.ubuntu.com

PyInstaller binaries are built with PIE (Position Independent Executable) hardening:

```
# Verify PIE on built binary
hardening-check pyinstaller/dist/notolog
```

We thank all security researchers who responsibly disclose vulnerabilities.
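
As a complement to the `hardening-check` command above, here is an added example (not this repository's own code, and not how `hardening-check` itself is implemented) that classifies a binary as PIE by reading the ELF header directly, which is useful as a CI gate where `devscripts` is not installed. It assumes ELF64 little-endian input; the script name `check_pie.py` and the sample builder are hypothetical.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3          # e_type values from the ELF specification
PT_INTERP = 3                   # program header naming the dynamic loader
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 little-endian file header
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header

def classify_pie(data: bytes) -> str:
    """Return 'pie', 'no-pie', 'shared-object', or an error label."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        return "not-elf"
    if data[4] != 2 or data[5] != 1:       # EI_CLASS=ELFCLASS64, EI_DATA=LSB
        return "unsupported"
    fields = EHDR.unpack_from(data)
    e_type, e_phoff, e_phentsize, e_phnum = fields[1], fields[5], fields[9], fields[10]
    if e_type == ET_EXEC:
        return "no-pie"                    # linked for a fixed load address
    if e_type != ET_DYN or e_phentsize < PHDR.size:
        return "unsupported"
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + PHDR.size > len(data):
            return "truncated"
        if PHDR.unpack_from(data, off)[0] == PT_INTERP:
            return "pie"                   # relocatable and requests a loader
    # Simplification: a static-pie binary (no PT_INTERP) also lands here.
    return "shared-object"

def build_sample(e_type: int, p_types: list) -> bytes:
    """Constructed test input: an ELF64 header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                    EHDR.size, PHDR.size, len(p_types), 0, 0, 0)
    return hdr + b"".join(PHDR.pack(t, 4, 0, 0, 0, 0, 0, 1) for t in p_types)

if __name__ == "__main__":
    # Usage (hypothetical script name): python check_pie.py pyinstaller/dist/notolog
    with open(sys.argv[1], "rb") as fh:
        result = classify_pie(fh.read())
    print(result)
    sys.exit(0 if result == "pie" else 1)
```

The non-zero exit status for anything other than `pie` lets a build step fail when the binary was linked without PIE.
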
Last updated: February 2026