search

dyne / JaroMail

Terminal UI email client to download, filter, search and archive messages off-line
https://dyne.org/software/jaro-mail
GNU General Public License v3.0
103 stars 9 forks source link

gpg using insecure memory #28

Closed parazyd closed 7 years ago

parazyd commented 7 years ago

Just leaving a note for later investigation...

Peeking/fetching/any action using gpg to decrypt the password from passwordstore drops a warning from gpg:

gpg: Warning: using insecure memory!

This is probably regarding to Jaromail's password handling in general when using pass.

jaromil commented 7 years ago

Both for this and for gpg handling in Tomb I wonder if we should start using ASSUAN messaging with gpg-agent.

parazyd commented 7 years ago

We could start using ASSUAN, as I believe gnupg2 is what should be a standard nowadays.

The warning is due to an error in distributions' packaging of GnuPG. The executable should be suid - which is not the case in many distros.

Explained here: https://lists.gnupg.org/pipermail/gnupg-users/2000-October/006769.html