I am under the impression that Heimdal's process for reporting sensitive bugs
is broken. I am referring to the following sentence on https://www.h5l.org/ :

"Security sensitive bug reports should be sent to heimdal-b...@h5l.org using 
this PGP key (key id 3B81827E)."

Not only do I get the impression that bug reports sent in this manner are not
being acted on (it could be just a lack of feedback but that's also a problem),
but all subkeys of that PGP key have expired: the ones in the file on the web
site ten years ago, the newer ones available through the PGP keyservers more

The web site *is* being updated with release information so I don't understand
why it is not also being updated with contact information.

Attachment: signature.asc
Description: PGP signature

Reply via email to