On 07/01/2017 03:17 PM, Steve Kinney wrote: > Last time I checked, this bug was dismissed by Debian as a non-issue, > saying that exploiting it would require physical access to the machine > and "physical access is game over." That's an excuse to leave the bug > in place, not a reason. I am sure present company can provide several > examples of cases where the presence of gnupg-agent in its present > broken condition "is game over" for the user.
Are you sure you didn't accidentally save your passphrase to your GNOME password manager (seahorse)? I thought I had the same problem where passphrases were being cached far longer than they should be, until I found this "helpful" remembering of my passphrase (which I have since fixed). I'm going to do some further testing; I have explicitly added the supposed default TTL values to gpg-agent.conf and I will see if I still have issues. -- Shawn K. Quinn <skqu...@rushpost.com> http://www.rantroulette.com http://www.skqrecordquest.com
signature.asc
Description: OpenPGP digital signature