Security

Permissions

Your code runs in sandboxes, isolated from other sandboxes, and not accessible from the internet. Our staff does not read your code, unless you ask them to. This can happen, at your request, during our onboarding process or due to support requests.

We do however analyze build logs in case of errors, to send you relevant information about what happenned and how to fix the problem. These do not contain sensitive information, and are mainly compilation reports or debug output from our own scripts.

Due to the nature of GitHub's security model, when you give us access to your public or private repositories, we gain access to all of them by default. However, we only ever access the ones you explicitly add in our interface, and any statistics we may gather will only be done on active projects explicitly declared on Packager.io.

SSL

We force HTTPS for all services, including our public website. We also make sure to use only third-party hosted software with HTTPS enabled.

Disclosure

We rapidly investigate all reported security issues. If you believe you've discovered a bug in our security, please get in touch at security@packager.io, optionally using our PGP key at the bottom of this page. We request that you not publicly disclose the issue until it has been addressed by our team.

PGP

Please find our PGP key below. You can use it to encrypt your communications with us.

  • Key ID: 4ED776A2
  • Key type: RSA
  • Key size: 2048
  • Fingerprint: 2DDB 23A6 C730 77AF 6E99 9FB2 D731 6E2D 4ED7 76A2
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFM5Ub8BCADk8ni97TTTN5gZGB222NPaLgzeqGK8S5+3OSoFTa8Az1r7BHoD
2He8E6OOtcZlhxgsOboSwA/EXTqBTgzjIXWMoWKdJeWd7dxN3VMHJ3tniZ4CMWvm
3rlOZoOaUr4sPfRVesTkOQxgCoVmPn8khlGnwYCzIcTS3+dh02s5a2ID7Gbu1aPD
SJabgFxWjMyiWnMqQbFws20+Vy1NC1ZsJGmUrcTfjfLtKPRTG82sPQaMX7OkTm9r
jsDoSBfyNhnA6F5Ep6EZT+7j19j3iaFC1ylHzBUBAr7TZuTV0z4AEiLvagC5Y2Qt
Z75+td31nDKQNnIiDiX7GGskgRh5IaxA9GmVABEBAAG0MlBLR1IgU2VjdXJpdHkg
KGh0dHBzOi8vcGtnci5pbykgPHNlY3VyaXR5QHBrZ3IuaW8+iQE4BBMBAgAiBQJT
OVG/AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDXMW4tTtd2oi/6CACu
/fOnQO6Mz4TrDsuhj1TPXtY2++SBNSaIDds0hXMaI8VhqRT6K5jw/uuuPxi8bvMX
9V7TSisacCOJlJgy+fSiTshqa6UcZCZ9lOTqAF9QUvfcD0h5BMiN15QvgKyxbppp
qwYapygk8/k+uG1v4pR2gX9TTwM1YyFECDp3vY3GMVwtKmwtVBJ1NLlnTySIN0dx
zXPdBGrwBKj61ica0U3/T+rEoAKUFAx4IVAorTnrvUTgqDe6fJjq9rdaV8DuNZPu
Ll20zvemrf4nkM4XmxiKKhGIhdRdUt6l3GcItKz3D4fN7lkI8xgLwyYaiEpr9UxK
qLetN6mYBuLqKAtURNshuQENBFM5Ub8BCACoyZYkpzEvH/xtMSdOJ45nkQdqI5Zw
89p1AK2l2YvYoVRn6bGF/FzhO2SctbZurxYRuWINwPYliWfPIQfOybGiWDayNq+A
UvggQHUMTru8E98aFcVVFrSkM+XTA3p5roH9Sa+mHJS4sTLGeXUgsqxz8T2peXW9
X/fkZJGYFC7nFA/jf7vwFax9ipgSlEJ7uopagz62ho8CaTOufrBhXLs1pKRrLXe6
IQh/Em8kwnT03rp2TVr3KsZZl0OxL+On6ImZnoY8SHft1hKbJmKo7e9/J3COizGC
EbDft1Uffdg1aJT5oOkSXSH+F6rR+ZaVSMaxIFrRyJhGyp6xfBPTxG7LABEBAAGJ
AR8EGAECAAkFAlM5Ub8CGwwACgkQ1zFuLU7XdqJfOggA0qBMqS/451nu9z7oLout
SyVntYWJ1WNbYlABtYJCsYpcupbYMDia4qqgv7E6WLqvBQcjvOsA1IKtLcTXAoA/
sr9u0vEmMbsev8fJkGGwtmIqB23n2Lyms1/g05d3bgykEfyfDfHtBmG9rSUnOl9d
FieWFafilkbLBX9IcejtxjgvueOrKAp0if1e5Pq+/jnA/wnxys9E4yU1z7GOuaUA
C50o4H2J4y9BPM4kxNpXGh1WaLbDXgpQw1SAo6d1qkOV6w68yphtM8gmkBeTTYor
JHZURaKa3oF+9B4zjaWrPrfrcwmgD+U9XjcXFCKAts+e0J3gkx8IGynvJu4G1mFi
cQ==
=DqxL
-----END PGP PUBLIC KEY BLOCK-----