doc: dissuade people from using PGP for security reports

Change-Id: I7e4f22a2b6c80dd0787c011703f3f8586ff55a50 Reviewed-on: https://go-review.googlesource.com/40860Reviewed-by: Chris Broadfoot <cbro@golang.org>

doc: dissuade people from using PGP for security reports
Change-Id: I7e4f22a2b6c80dd0787c011703f3f8586ff55a50 Reviewed-on: https://go-review.googlesource.com/40860Reviewed-by: Chris Broadfoot <cbro@golang.org>
73f283f4 · Brad Fitzpatrick · fc2d9cdf · 73f283f4
Commit 73f283f4 authored Apr 16, 2017 by Brad Fitzpatrick
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletion

doc/security.html doc/security.html +7 -1

No files found.
--- a/doc/security.html
+++ b/doc/security.html
@@ -20,7 +20,7 @@ This mail is delivered to a small security team.
 Your email will be acknowledged within 24 hours, and you'll receive a more
 detailed response to your email within 72 hours indicating the next steps in
 handling your report.
-If you would like, you can encrypt your report using our PGP key (listed below).
+For critical problems, you can encrypt your report using our PGP key (listed below).
 </p>

 <p>
@@ -118,6 +118,12 @@ If you have any suggestions to improve this policy, please send an email to

 <h3>PGP Key for <a href="mailto:security@golang.org">security@golang.org</a></h3>

+<p>
+We accept PGP-encrypted email, but the majority of the security team
+are not regular PGP users so it's somewhat inconvenient. Please only
+use PGP for critical security reports.
+</p>
+
 <pre>
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Comment: GPGTools - https://gpgtools.org