We have a bunch of examples here:
If you are aware of a security bug (or have a proposal/implemention of a "zero day" attack), notifying us privately is in the interest of all users. We can then discuss it post-mortem. To reach us privately, please get our public keys here:
You can import our keys to GPG - and verify our Keybase.io admin status - with
keybase track max and
keybase track chris.
If the bug is kbpgp related, and has nothing to do with Keybase, you can post the issue here. If it has anything to do with Keybase -- the command line client, website, etc. -- please post it in our general keybase issues repo:
We appreciate comments, questions, feature requests, etc.