Re: FEATURE-REQUEST: mutt looks for PGPPASS environment variable

Fri, 20 Oct 2000 03:03:15 -0700 

Don't do that.

Storing the pgp pass phrase in an environment variable may have been
a valid option on MS-DOS computers.  It isn't on Unix machines,
since the environment is not guaranteed to be confidential.

Also, what's the point in using a shell script like the one below?

- There is no reason to avoid running two mutts on the same mailbox.
  Mutt _does_ know how to graciously deal with concurrent access to
  mail folders.

- There is no point in asking for the pass phrase in a shell script,
  and then storing it in $PGPPASS.  Mutt will ask for the pass
  phrase the first time it's needed, and remember it for the coming
  $pgp_timeout seconds.  The default is 300 seconds; you can easily
  change that from your .muttrc.
  
Note that the mechanism mutt uses to pass the pass phrase to pgp
_is_ safe against eavesdropping by other users on the same system.


On 2000-10-20 10:21:20 +0200, Daniel Kollar wrote:
> Date: Fri, 20 Oct 2000 10:21:20 +0200
> From: Daniel Kollar <[EMAIL PROTECTED]>
> To: Mutt User List <[EMAIL PROTECTED]>
> Subject: FEATURE-REQUEST: mutt looks for PGPPASS environment variable
> Mail-Followup-To: Mutt User List <[EMAIL PROTECTED]>
> User-Agent: Mutt/1.2i
> 
> Hello mutt-developers,
> 
> here is a feature request for future versions of mutt:
> 
> Mutt looks for the PGPPASS environment variable. If this is set, then
> no passphrase is needed to be send to pgp program, because pgp looks
> for the PGPPASS variable by itself.
> Mutt will also not ask the user for the passphrase.
> 
> This should be easy to implement.
> 
> The user would then have the option to set the passphrase via a
> wrapper-script permanently.
> For example:
> ------------------------ muttwrap -------------------
> #!/usr/bin/sh
> set $passparam=$*
> if ( ps -U $LOGNAME | grep mutt | grep -v muttwrap > /dev/null ) then
>   echo "WARNING: You are already running Mutt."
>   echo "         Starting Mutt in readonly mode."
>   echo
>   echo "Please enter passphrase: "
>   stty -echo
>   read pgppassphrase
>   PGPPASS=$pgppassphrase; export PGPPASS
>   stty echo
>   $PATHTOMUTT/mutt -R $*
> else
>   echo "Please enter passphrase: "
>   stty -echo
>   read pgppassphrase
>   PGPPASS=$pgppassphrase; export PGPPASS
>   stty echo
>   $PATHTOMUTT/mutt $passparam
> fi
> ------------------------------------------------------
> 
> Thank you very much!
> 
> Regards,
> Daniel.
> 

-- 
Thomas Roessler                         <[EMAIL PROTECTED]>

Reply via email to