@@ 124,12 124,12 @@ This is done for you automatically whenever you submit builds using sr.ht
features. When building patches from your mailing list, sr.ht will automatically
disable secrets.
-In any case, if your secret is leaked, you **must** consider it permanently
-compromised, revoke it from any services it provides authentication for, and
-generate new secrets from scratch. All build logs are public, and to encourage
-users to roll over secrets which are compromised, our policy is to refuse to
-redact secrets leaked in this manner. If you require some time to fully address
-the consequences of a secret leak, we may redact them for up to one week —
+If your secret is leaked in a public *or* unlisted build, you **must** consider
+it permanently compromised, revoke it from any services it provides
+authentication for, and generate new secrets from scratch. To encourage users to
+rotate compromised secrets, SourceHut policy is to refuse to redact secrets
+leaked in this manner. If you require some time to fully address the
+consequences of a secret leak, we may redact them for up to one week —
[email support][sr.ht-support] if you require this.
## Build environment