If project members don't welcome that in an actively developed project, that they use themselves too, sometimes in fairly critical scenarios, then that's a bit incomprehensible.
I've found fairly serious crasher bug due to misuse of OpenSSL API in multiprocess context with shared memory and a race condition leading to use of unexpected pointer values in one SIP proxy project, that recently even commissioned a code audit, which lead me to thinking they care about quality of the code.
I provided analysis and a suggested fixes for both issues. More than month into this, no response from anyone related to the project. Thus:
1) It's fine, purely technically... I can apply my own patches, debug the project and fix issues.
2) It's concerning, because it makes the project less trustworthy to me. What other people's serious bug fixes just went into oblivion due to "issue autoclose" bot they use on github and are lingering in the codebase for no reason other than the fix author not wanting to prop up the issue by commenting on it every 7 days?
3) How many such devs just keep crasher and security fixes for themselves, because they realized the project owners are not very responsive, and expanding 2x the effort to describe the issue to someone else, rather than just fixing it for themselves and moving on, is not worth the additional effort.