Security incident disclosure

I wrote more about this in <a href="https:&#x2F;&#x2F;twitter.com&#x2F;vesirin&#x2F;status&#x2F;1026807849970614273?s=21" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;vesirin&#x2F;status&#x2F;1026807849970614273?s=21</a>. Vulnerabilities in package managers is a scary thing.