*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
The GCR package has no man page or other documentation that would explain how
the GPG passphrase caching is configured.
For a package that deals with a critical piece of security infrastructure that
is not acceptable.
It defaults to caching GPG passphrases for the whole session which again
is not good security practice.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: gcr 3.10.1-1
ProcVersionSignature: Ubuntu 3.13.0-27.50-generic 3.13.11
Uname: Linux 3.13.0-27-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
CurrentDesktop: XFCE
Date: Tue Jun 3 09:17:51 2014
InstallationDate: Installed on 2014-04-24 (39 days ago)
InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
SourcePackage: gcr
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: gnome-keyring (Ubuntu)
Importance: Wishlist
Status: Confirmed
** Tags: amd64 apport-bug trusty
--
GCR has no man page and employs insecure defauts for GPG passphrase caching
https://bugs.launchpad.net/bugs/1325833
You received this bug notification because you are a member of Ubuntu Desktop
Bugs, which is subscribed to gnome-keyring in Ubuntu.
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
