> I am bemused by an approach to accepting
> security reports which is to go through the
> motions of having PGP public keys available
> for people to use to report issues but upon
> receiving such a request ask for it to be
> submitted without PGP because digging out
> the keys is too much of a hassle.
