*** This bug is a security vulnerability *** You have been subscribed to a public security bug:
The GCR package has no man page or other documentation that would explain how the GPG passphrase caching is configured. For a package that deals with a critical piece of security infrastructure that is not acceptable. It defaults to caching GPG passphrases for the whole session which again is not good security practice. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: gcr 3.10.1-1 ProcVersionSignature: Ubuntu 3.13.0-27.50-generic 3.13.11 Uname: Linux 3.13.0-27-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.14.1-0ubuntu3.2 Architecture: amd64 CurrentDesktop: XFCE Date: Tue Jun 3 09:17:51 2014 InstallationDate: Installed on 2014-04-24 (39 days ago) InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2) SourcePackage: gcr UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: gnome-keyring (Ubuntu) Importance: Wishlist Status: Confirmed ** Tags: amd64 apport-bug trusty -- GCR has no man page and employs insecure defauts for GPG passphrase caching https://bugs.launchpad.net/bugs/1325833 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-keyring in Ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs