From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/63760 Path: news.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.gnus.general,gmane.emacs.devel Subject: Re: Security flaw in pgg-gpg-process-region? Date: Tue, 19 Sep 2006 18:56:59 -0400 Message-ID: References: <9c79059a-61a9-4fa4-8376-638753320a14@well-done.deisui.org> <4aaf7080-0e3d-4a75-aff5-f9d5bcd0437f@well-done.deisui.org> <87fyjz2gaj.fsf@pacem.orebokech.com> <87ac5gnccs.fsf@mid.deneb.enyo.de> <8fe569ef-0b5e-4c29-b434-686fce4c619b@well-done.deisui.org> Reply-To: rms@gnu.org NNTP-Posting-Host: main.gmane.org Content-Type: text/plain; charset=ISO-8859-15 X-Trace: sea.gmane.org 1158707129 8410 80.91.229.2 (19 Sep 2006 23:05:29 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Tue, 19 Sep 2006 23:05:29 +0000 (UTC) Cc: gdt@work.lexort.com, satyaki@chicory.stanford.edu, Reiner.Steib@gmx.de, ueno@unixuser.org, ding@gnus.org, emacs-devel@gnu.org, wk@gnupg.org, fw@deneb.enyo.de, jas@extundo.com Original-X-From: ding-owner+m12287@lists.math.uh.edu Wed Sep 20 01:05:25 2006 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by ciao.gmane.org with esmtp (Exim 4.43) id 1GPoeP-0005v0-3p for ding-account@gmane.org; Wed, 20 Sep 2006 01:05:13 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu ident=lists) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 1GPoe7-0006nN-00; Tue, 19 Sep 2006 18:04:55 -0500 Original-Received: from mx1.math.uh.edu ([129.7.128.32]) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 1GPoWd-0006nH-00 for ding@lists.math.uh.edu; Tue, 19 Sep 2006 17:57:11 -0500 Original-Received: from quimby.gnus.org ([80.91.227.211]) by mx1.math.uh.edu with esmtp (Exim 4.52) id 1GPoWZ-0008OQ-Ke for ding@lists.math.uh.edu; Tue, 19 Sep 2006 17:57:11 -0500 Original-Received: from fencepost.gnu.org ([199.232.76.164]) by quimby.gnus.org with esmtp (Exim 3.35 #1 (Debian)) id 1GPoWW-0000U3-00 for ; Wed, 20 Sep 2006 00:57:04 +0200 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.34) id 1GPoWR-0007Gp-QP; Tue, 19 Sep 2006 18:56:59 -0400 Original-To: Sascha Wilde In-reply-to: (message from Sascha Wilde on Tue, 19 Sep 2006 12:02:17 +0200) X-Spam-Score: -2.6 (--) Precedence: bulk Original-Sender: ding-owner@lists.math.uh.edu Xref: news.gmane.org gmane.emacs.gnus.general:63760 gmane.emacs.devel:60023 Archived-At: Finlay I do agree that the current handling of passphrases in Emacs is a serious security problem, which should be solved. The solution of waiting a while and urging people to start using gpg-agent is by far the easiest. If you think we need another interim solution, would you please implement it?