> Not only do I get the impression that bug reports sent in this manner are not
> being acted on .......

I am under the same impression too. When one clicks on 'https://roundup.it.su.se/jira/browse/HEIMDAL', you get a 'Server not found' page. The same happens when you click on 'https://list.sics.se/sympa/info/heimdal-discuss'.

Please have a look at the (recent) issues on GitHub.

________________________________
From: Heimdal-discuss <[email protected]> on behalf of Sergio Gelato <[email protected]>
Sent: Wednesday, 30 August 2017 8:18 PM
To: [email protected]
Subject: About the vulnerability reporting instructions on the web site

I am under the impression that Heimdal's process for reporting sensitive bugs is broken. I am referring to the following sentence on https://www.h5l.org/ :

"Security sensitive bug reports should be sent to [email protected] using this PGP key (key id 3B81827E)."

Not only do I get the impression that bug reports sent in this manner are not being acted on (it could be just a lack of feedback but that's also a problem), but all subkeys of that PGP key have expired: the ones in the file on the web site ten years ago, the newer ones available through the PGP keyservers more recently.

The web site *is* being updated with release information so I don't understand why it is not also being updated with contact information.
