Skip to content

Remove PGP encryption requirement.#114

Merged
jholdstock merged 1 commit intodecred:masterfrom
jholdstock:rm-pgp
Apr 29, 2026
Merged

Remove PGP encryption requirement.#114
jholdstock merged 1 commit intodecred:masterfrom
jholdstock:rm-pgp

Conversation

@jholdstock
Copy link
Copy Markdown
Member

@jholdstock jholdstock commented Apr 27, 2026

Several reasons for this:

  • It is abnormal to require encryption. From my research almost all large bounty programs have optional encryption and do not punish for not using it.
  • It was very rarely used (I guess about 1 in 25 reports encrypted).
  • Admin overhead of maintaining up to date keys and sharing keys among bug bounty group is not worthwhile.
  • Decrypting reports which are encrypted using different tools/formats is time consuming. Often an extra email or two are required where the reporter has not encrypted properly.
  • Encryption can still be arranged on a case-by-case basis when it is desirable.

@jholdstock
Remove PGP encryption requirement.
e84525c 
Several reasons for this:

- It is abnormal to **require** encryption. From my research almost all
  large bounty programs have **optional** encryption and do not punish
  for not using it.
- It was **very** rarely used (I guess about 1 in 25 reports encrypted).
- Admin overhead of maintaining up to date keys and sharing keys among
  bug bounty group is not worthwhile.
- Decrypting reports which are encrypted using different tools/formats
  is time consuming. Often an extra email or two are required where the
  reporter has not encrypted properly.
- Encryption can still be arranged on a case-by-case basis when it is
  desirable.
davecgh
davecgh approved these changes Apr 27, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@davecgh davecgh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I personally prefer having it because e-mail is all plaintext and super insecure, but you're managing the program, so I'll defer to your judgement there.

Either way, the updates which look fine, so I'll approve it as that has nothing to do with the policy side.

@jholdstock jholdstock merged commit dc39b78 into decred:master Apr 29, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davecgh davecgh davecgh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jholdstock @davecgh