Hello, I just had the idea that it might be a good countermeasure against malicious software not to use a cached passphrase without any user interaction (and thus without user notice). A good compromise would be to open a dialog which does not ask for the passphrase but just for the confirmation that it's OK to use the passphrase. The dialog could mention the process accessing gpg-agent.
CU Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
