On 29/09/15 15:28, Daniel Kahn Gillmor wrote: > On Tue 2015-09-29 08:53:32 -0400, Andrew Gallagher <andr...@andrewg.com> > wrote: >> On 28/09/15 23:16, SGT. Garcia wrote: >>> On Mon, Sep 28, 2015 at 04:10:10PM -0400, Daniel Kahn Gillmor wrote: >>>> >>>> Do you ever import keys that other people >>>> send you? or keys you find on the web? or keys attached to e-mail >>>> messages? Are you sure the things imported can't include a secret key? >>> >>> this is the first time i hear about *importing* to be honest. after >>> reading, yes >>> just reading, your email a new key was added and on the next run of 'notmuch >>> new' i was asked for it by pinentry. i'm guessing mutt imports any key it >>> finds >>> in attachments. >> >> Surely that 'feature' needs removing asap? > > I'm surprised to hear that notmuch has this feature, and i haven't seen > it happen myself. I'm one of the people who helped contribute to > notmuch's OpenPGP mechanisms. > > This sounds like something to be raised on the notmuch mailing list, > though.
I was referring to mutt (allegedly) importing random secret keys that it finds attached to arbitrary mails... but yes, a discussion for elsewhere. A
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
