> Not only do I get the impression that bug reports sent in this manner are not
> being acted on .......
I am under the same impression too.
When one clicks on 'https://roundup.it.su.se/jira/browse/HEIMDAL', you get
'Server not found' page.
The same happens when you click on
Please, have a look at the (recent) issues on GitHub.
From: Heimdal-discuss <heimdal-discuss-boun...@h5l.org> on behalf of Sergio
Sent: Wednesday, 30 August 2017 8:18 PM
Subject: About the vulnerability reporting instructions on the web site
I am under the impression that Heimdal's process for reporting sensitive bugs
is broken. I am referring to the following sentence on https://www.h5l.org/ :
What is Heimdal? Heimdal is an implementation of Kerberos 5 (and some more
stuff) largely written in Sweden (which was important when we started writing
it, less so ...
"Security sensitive bug reports should be sent to heimdal-b...@h5l.org using
this PGP key (key id 3B81827E)."
Not only do I get the impression that bug reports sent in this manner are not
being acted on (it could be just a lack of feedback but that's also a problem),
but all subkeys of that PGP key have expired: the ones in the file on the web
site ten years ago, the newer ones available through the PGP keyservers more
The web site *is* being updated with release information so I don't understand
why it is not also being updated with contact information.