Commit 479f968e authored by Michael Catanzaro's avatar Michael Catanzaro
Browse files

Remove TODOs

We eventually did set up the autoreply, after noticing that we had missed several months of emails to security@.

Also, remove the suggestion to use GPG, because this is a huge pain for everyone and it provides very little value now that TLS is ubiquitous.
parent 2398c242
......@@ -14,13 +14,6 @@ When creating an issue report via GitLab, consider marking your report as
confidential. Issues reported via the web form are automatically marked as
*TODO*: Once we determine that this workflow is suitable, we'll set up an
autoreply so that anyone mailing is directed to use the web
## GPG
*TODO*: Do we want to accept vulnerability reports over GPG? If so, Tobi should
write instructions because he knows how to use GPG. We can add an optional field
in the web form to include the PGP key for direct communications with the reporter,
but the issues will always be in clear text.
\ No newline at end of file
GPG sucks. Just use the web form.
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment