> Not only do I get the impression that bug reports sent in this manner are not 
> being acted on .......

I am under the same impression too.

When one clicks on 'https://roundup.it.su.se/jira/browse/HEIMDAL', you get 
'Server not found' page.

The same happens when you click on 
'https://list.sics.se/sympa/info/heimdal-discuss'.


Please, have a look at the (recent) issues on GitHub.


________________________________
From: Heimdal-discuss <heimdal-discuss-boun...@h5l.org> on behalf of Sergio 
Gelato <gelato-heimdal-disc...@astro.su.se>
Sent: Wednesday, 30 August 2017 8:18 PM
To: heimdal-discuss@h5l.org
Subject: About the vulnerability reporting instructions on the web site

I am under the impression that Heimdal's process for reporting sensitive bugs
is broken. I am referring to the following sentence on https://www.h5l.org/ :
Heimdal<https://www.h5l.org/>
www.h5l.org
What is Heimdal? Heimdal is an implementation of Kerberos 5 (and some more 
stuff) largely written in Sweden (which was important when we started writing 
it, less so ...



"Security sensitive bug reports should be sent to heimdal-b...@h5l.org using 
this PGP key (key id 3B81827E)."

Not only do I get the impression that bug reports sent in this manner are not
being acted on (it could be just a lack of feedback but that's also a problem),
but all subkeys of that PGP key have expired: the ones in the file on the web
site ten years ago, the newer ones available through the PGP keyservers more
recently.

The web site *is* being updated with release information so I don't understand
why it is not also being updated with contact information.

Reply via email to