From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/63760
Path: news.gmane.org!not-for-mail
From: Richard Stallman <rms@gnu.org>
Newsgroups: gmane.emacs.gnus.general,gmane.emacs.devel
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Tue, 19 Sep 2006 18:56:59 -0400
Message-ID: <E1GPoWR-0007Gp-QP@fencepost.gnu.org>
References: <b4maca88q6i.fsf@jpl.org>
	<def1aabc-69b9-4b1d-bb84-e65c63540eac@well-done.deisui.org>
	<b4mmze82cse.fsf@jpl.org> <b4mwtdbfqob.fsf@jpl.org>
	<9c79059a-61a9-4fa4-8376-638753320a14@well-done.deisui.org>
	<b4mpsj3gw1s.fsf@jpl.org> <b4my7xrfg5o.fsf@jpl.org>
	<4aaf7080-0e3d-4a75-aff5-f9d5bcd0437f@well-done.deisui.org>
	<87fyjz2gaj.fsf@pacem.orebokech.com>
	<v9iroj49cz.fsf@marauder.physik.uni-ulm.de>
	<v9mz9itt6y.fsf_-_@marauder.physik.uni-ulm.de>
	<87ac5gnccs.fsf@mid.deneb.enyo.de>
	<e0049689-8507-4a77-9b09-447f21211249@broken.deisui.org>
	<E1GKXSp-0002f5-Gr@fencepost.gnu.org>
	<8fe569ef-0b5e-4c29-b434-686fce4c619b@well-done.deisui.org>
	<E1GL2iA-0000uI-22@fencepost.gnu.org>
	<smubqpshjs5.fsf@linuxpal.mit.edu>
	<E1GLRBs-0000Wx-NR@fencepost.gnu.org> <m2wt808992.fsf@kenny.sha-bang.de>
Reply-To: rms@gnu.org
NNTP-Posting-Host: main.gmane.org
Content-Type: text/plain; charset=ISO-8859-15
X-Trace: sea.gmane.org 1158707129 8410 80.91.229.2 (19 Sep 2006 23:05:29 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Tue, 19 Sep 2006 23:05:29 +0000 (UTC)
Cc: gdt@work.lexort.com, satyaki@chicory.stanford.edu,
	Reiner.Steib@gmx.de, ueno@unixuser.org, ding@gnus.org,
	emacs-devel@gnu.org, wk@gnupg.org, fw@deneb.enyo.de,
	jas@extundo.com
Original-X-From: ding-owner+m12287@lists.math.uh.edu Wed Sep 20 01:05:25 2006
Return-path: <ding-owner+m12287@lists.math.uh.edu>
Envelope-to: ding-account@gmane.org
Original-Received: from malifon.math.uh.edu ([129.7.128.13])
	by ciao.gmane.org with esmtp (Exim 4.43)
	id 1GPoeP-0005v0-3p
	for ding-account@gmane.org; Wed, 20 Sep 2006 01:05:13 +0200
Original-Received: from localhost
	([127.0.0.1] helo=lists.math.uh.edu ident=lists)
	by malifon.math.uh.edu with smtp (Exim 3.20 #1)
	id 1GPoe7-0006nN-00; Tue, 19 Sep 2006 18:04:55 -0500
Original-Received: from mx1.math.uh.edu ([129.7.128.32])
	by malifon.math.uh.edu with esmtp (Exim 3.20 #1)
	id 1GPoWd-0006nH-00
	for ding@lists.math.uh.edu; Tue, 19 Sep 2006 17:57:11 -0500
Original-Received: from quimby.gnus.org ([80.91.227.211])
	by mx1.math.uh.edu with esmtp (Exim 4.52)
	id 1GPoWZ-0008OQ-Ke
	for ding@lists.math.uh.edu; Tue, 19 Sep 2006 17:57:11 -0500
Original-Received: from fencepost.gnu.org ([199.232.76.164])
	by quimby.gnus.org with esmtp (Exim 3.35 #1 (Debian))
	id 1GPoWW-0000U3-00
	for <ding@gnus.org>; Wed, 20 Sep 2006 00:57:04 +0200
Original-Received: from rms by fencepost.gnu.org with local (Exim 4.34)
	id 1GPoWR-0007Gp-QP; Tue, 19 Sep 2006 18:56:59 -0400
Original-To: Sascha Wilde <wilde@sha-bang.de>
In-reply-to: <m2wt808992.fsf@kenny.sha-bang.de> (message from Sascha Wilde on
	Tue, 19 Sep 2006 12:02:17 +0200)
X-Spam-Score: -2.6 (--)
Precedence: bulk
Original-Sender: ding-owner@lists.math.uh.edu
Xref: news.gmane.org gmane.emacs.gnus.general:63760 gmane.emacs.devel:60023
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/63760>

    Finlay I do agree that the current handling of passphrases in Emacs is
    a serious security problem, which should be solved.

The solution of waiting a while and urging people to start using
gpg-agent is by far the easiest.  If you think we need another interim
solution, would you please implement it?