Is bug bounty program(as mentioned in SECURITY.md) still active? cause PGP key for submission is expired.

[haxonittech]

I’m preparing a vulnerability submission to bugbounty@decred.org under your Vulnerability disclosure program #2082 . The PGP key currently published on the bug bounty page has fingerprint:

FingerPrint: D507 9E93 D0AF F567 DEF2 F6AC 6457 2029 21F7 0A78

But the PGP key provided at https://bounty.decred.org/#Submit%20Vulnerability is expired

Can you confirm whether I should still encrypt the submission to this published key?

[jholdstock]

Please feel free to submit the report unencrypted and there will be no penalty for doing so.