The original bug report that I submitted said: The password expiry time, which decides how much time should pass before asking you the master password again, can be changed without entering the master password itself. This is a serious security hole, because I can set it to 2 minutes and go away from the room. Then someone gets in, changes the time to 1000 minutes, and the next time they can use my master password without me noticing anything.
and you closed it with: >Lock your session. >If you left your session open someone would be able to put a keylogger >to get your password. I think this answer does not make sense. If you suppose that you are always in front of your screen or else you lock it, then the password expiry time has no meaning. The only meaning I can see for the password expiry time is that, after some time you don't use your passwords, you are sure that your password wallet is locked. But, given that the expiry time can be changed without entering the master password, the whole purpose of the expiry time is moot. If your answer is good, then that's a good reason to remove the password expiry time feature at all. Please reopen this bug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
