Members of the Toltec repository maintainers team are responsible for pushing updates to the Toltec repository and for managing security reports. At this time, the team comprises exclusively volunteers who contribute their free time to the project.

The Toltec repository features two branches, stable and testing. The repo has a short-timed release scheme with new updates pushed to the stable branch every week. It is the responsibility of users to keep their devices updated to the latest release at all times.

No support or security guarantee of any kind is provided for the testing branch. Even for the stable branch, the Toltec maintainers do not promise that all packages are secure. They commit to handling security reports on a best-effort basis, for example, by backporting security patches, holding back known-to-be insecure versions, or removing packages from the repository.

Please send an email to [email protected] for reporting a vulnerability in one of the packages in Toltec. The maintainers team will reach back to you as soon as possible with more details on how they handled your report.