On Tue, Sep 29, 2015 at 03:33:38PM +0100, Andrew Gallagher wrote: > On 29/09/15 15:28, Daniel Kahn Gillmor wrote: > > On Tue 2015-09-29 08:53:32 -0400, Andrew Gallagher <andr...@andrewg.com> > > wrote: > >> On 28/09/15 23:16, SGT. Garcia wrote: > >>> On Mon, Sep 28, 2015 at 04:10:10PM -0400, Daniel Kahn Gillmor wrote: > >>>> > >>>> Do you ever import keys that other people > >>>> send you? or keys you find on the web? or keys attached to e-mail > >>>> messages? Are you sure the things imported can't include a secret key? > >>> > >>> this is the first time i hear about *importing* to be honest. after > >>> reading, yes > >>> just reading, your email a new key was added and on the next run of > >>> 'notmuch > >>> new' i was asked for it by pinentry. i'm guessing mutt imports any key it > >>> finds > >>> in attachments. > >> > >> Surely that 'feature' needs removing asap? > > > > I'm surprised to hear that notmuch has this feature, and i haven't seen > > it happen myself. I'm one of the people who helped contribute to > > notmuch's OpenPGP mechanisms. > > > > This sounds like something to be raised on the notmuch mailing list, > > though. > > I was referring to mutt (allegedly) importing random secret keys that it > finds attached to arbitrary mails... but yes, a discussion for elsewhere. > > A >
mutt indeed; not notmuch. notmuch; well in fact in my setting isync is going to sync _everything_ with upstream imap repo regardless. my best guess is that it's mutt that imports the key. i will resend a copy of this to mutt's mailing list. sgt _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
