The following reply was made to PR mutt/580; it has been noted by GNATS. From: Derek Martin <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: Mutt Developers <[EMAIL PROTECTED]>, "Marco d'Itri" <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Subject: Re: mutt/580: mutt stores PGP passphrase insecurely Date: Thu, 6 Oct 2005 22:27:50 -0400
--2oS5YaxWCcQjTEyO Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline On Wed, Oct 05, 2005 at 05:55:17AM +0200, Brendan Cully wrote: > Synopsis: mutt stores PGP passphrase insecurely > State-Changed-From-To: open->closed > State-Changed-Why: > Mutt can use gpg-agent, which pushes this problem outside of mutt's domain. Er, well, come on... just because Mutt *can* use an auxiliary program to handle encryption passphrases securely doesn't mean mutt itself should completely ignore the issue. As shipped, mutt is vulnerable. Admittedly this is not a severe issue, but it is a legitimate security concern. I think this really ought to be re-opened. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. --2oS5YaxWCcQjTEyO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFDRd0mHEnASN++rQIRApDeAJ0YWRLNxZO+2t3pnqhy6QIynUemiACfWKqd TMrjy3W680O1x1yH+EGTm5s= =cbWN -----END PGP SIGNATURE----- --2oS5YaxWCcQjTEyO-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
