On Friday, 24 November 2017 14:39:26 UTC+8, Jean-Philippe Ouellet wrote: > No! I would very strongly recommend against that! > > That allows any VM (including entirely untrusted ones, like sys-net, > DispVMs with who knows what, etc.) to sign & decrypt stuff with your > keys! > > Use a specific source vm in the first field, not $anyvm, otherwise you > may actually be better off without split-gpg entirely depending on > your threat model.
I still get the notification asking me to allow the signing. With the line added, the behaviour seems to be identical to what I had in 3.2. Regards, Elias -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/0655c425-c010-4eb3-9aa7-93e849c6b464%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.