doc: dissuade people from using PGP for security reports

author Brad Fitzpatrick <bradfitz@golang.org>

Sun, 16 Apr 2017 15:20:34 +0000 (15:20 +0000)

committer Brad Fitzpatrick <bradfitz@golang.org>

Mon, 17 Apr 2017 18:33:08 +0000 (18:33 +0000)
author Brad Fitzpatrick <bradfitz@golang.org>
Sun, 16 Apr 2017 15:20:34 +0000 (15:20 +0000)
committer Brad Fitzpatrick <bradfitz@golang.org>
Mon, 17 Apr 2017 18:33:08 +0000 (18:33 +0000)
diff --git a/doc/security.html b/doc/security.html

index 59115869230719b1a46925f585221bb1de4bea3e..0d8b5ee52603865f44f0755b78145e772f0331b0 100644 (file)
--- a/doc/security.html
+++ b/doc/security.html
@@ -20,7 +20,7 @@ This mail is delivered to a small security team.
  Your email will be acknowledged within 24 hours, and you'll receive a more
  detailed response to your email within 72 hours indicating the next steps in
  handling your report.
-If you would like, you can encrypt your report using our PGP key (listed below).
+For critical problems, you can encrypt your report using our PGP key (listed below).
  </p>
  
  <p>
@@ -118,6 +118,12 @@ If you have any suggestions to improve this policy, please send an email to
  
  <h3>PGP Key for <a href="mailto:security@golang.org">security@golang.org</a></h3>
  
+<p>
+We accept PGP-encrypted email, but the majority of the security team
+are not regular PGP users so it's somewhat inconvenient. Please only
+use PGP for critical security reports.
+</p>
+
  <pre>
  -----BEGIN PGP PUBLIC KEY BLOCK-----
  Comment: GPGTools - https://gpgtools.org
author	Brad Fitzpatrick <bradfitz@golang.org>
	Sun, 16 Apr 2017 15:20:34 +0000 (15:20 +0000)
committer	Brad Fitzpatrick <bradfitz@golang.org>
	Mon, 17 Apr 2017 18:33:08 +0000 (18:33 +0000)