Remove TODOs

We eventually did set up the autoreply, after noticing that we had missed several months of emails to security@. Also, remove the suggestion to use GPG, because this is a huge pain for everyone and it provides very little value now that TLS is ubiquitous.

Remove TODOs
We eventually did set up the autoreply, after noticing that we had missed several months of emails to security@. Also, remove the suggestion to use GPG, because this is a huge pain for everyone and it provides very little value now that TLS is ubiquitous.
479f968e · Michael Catanzaro · 2398c242 · 479f968e
Commit 479f968e authored Dec 16, 2021 by Michael Catanzaro
--- a/README.md
+++ b/README.md
@@ -14,13 +14,6 @@ When creating an issue report via GitLab, consider marking your report as
 confidential. Issues reported via the web form are automatically marked as
 confidential.
-*TODO*: Once we determine that this workflow is suitable, we'll set up an
-autoreply so that anyone mailing security@gnome.org is directed to use the web
-form.
 ## GPG
-*TODO*: Do we want to accept vulnerability reports over GPG? If so, Tobi should
+GPG sucks. Just use the web form.
-write instructions because he knows how to use GPG. We can add an optional field
-in the web form to include the PGP key for direct communications with the reporter,
-but the issues will always be in clear text.
\ No newline at end of file