About the vulnerability reporting instructions on the web site

I am under the impression that Heimdal's process for reporting sensitive bugs is broken. I am referring to the following sentence on https://www.h5l.org/ : "Security sensitive bug reports should be sent to heimdal-b...@h5l.org using this PGP key (key id 3B81827E)." Not only do I get the

Re: Segfaults after receiving invalid AS-REQ

14, filed an encrypted bug report to heimdal-bugs the next day with the attached patch. No reaction. Not to my status query the other day either. commit 7a1cf14d57608401dde283ee76c2ec5c7f648e41 tree d77d9f1e9f2b2c9c4481a4f7f63b551e6cba62c8 parent ce3e80c72a58aeae5298aea9c4e5ee4719e95b76 author Serg