Merge pull request #51 from david-a-wheeler/e2e_ok
End-to-end support is okay too
SecurityCRob authored Dec 18, 2023
2 parents 730136c + 5d7769a commit 8f63009
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion maintainer-guide.md
Expand Up @@ -149,7 +149,7 @@ We recommend using an email service for accepting vulnerability reports (such as

The preferred standard for hop-to-hop encryption is Mail Transfer Agent Strict Transport Security (MTA-STS). MTA-STS requires encryption. An alternative is STARTTLS. STARTTLS attempts to switch to encrypted communication, and thus counters passive monitoring, but because it is opportunistic it is weak against active attacks. Use at least one; don't allow vulnerability reports to go unencrypted across the Internet.

Hop-to-hop encryption isn't as strong as end-to-end encryption, but many users find it too difficult today to use end-to-end encryption, and it's more important to _get_ the vulnerability report.
Hop-to-hop encryption isn't as strong as end-to-end encryption, but many users find it too difficult today to use end-to-end encryption when using email. Organizations are welcome to also support end-to-end encryption with email (e.g., OpenPGP), and if they do support it, researchers are welcome to use them. We believe it's more important to _get_ the vulnerability report.

### Enable private patch development
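
Review bot: In the added line, "researchers are welcome to use them" has a number mismatch: the antecedent is end-to-end encryption ("if they do support it"), so this should read "use it". The closing sentence "We believe it's more important to _get_ the vulnerability report" also lost its comparison now that it stands alone; consider stating what it is more important than, for example "more important than requiring end-to-end encryption". Since the line now invites OpenPGP use, it would also help to say that an organization supporting it should state so alongside its reporting address, so researchers can tell whether the option is available.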
