desktop-packages team mailing list archive

Thread
Date

[Bug 1325833] Re: gnome-keyring has an inadequate man page and employs insecure defaults for GPG passphrase caching

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Bug Watch Updater <1325833@xxxxxxxxxxxxxxxxxx>
Date: Mon, 08 Jun 2015 02:27:28 -0000
Reply-to: Bug 1325833 <1325833@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: gnome-keyring
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1325833

Title:
  gnome-keyring has an inadequate man page and employs insecure defaults
  for GPG passphrase caching

Status in GNOME keyring services:
  Confirmed
Status in gnome-keyring package in Ubuntu:
  Confirmed

Bug description:
  The GCR package has no man page or other documentation that would explain how the GPG passphrase caching is configured.
  For a package that deals with a critical piece of security infrastructure that is not acceptable.

  It defaults to caching GPG passphrases for the whole session which
  again is not good security practice.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: gcr 3.10.1-1
  ProcVersionSignature: Ubuntu 3.13.0-27.50-generic 3.13.11
  Uname: Linux 3.13.0-27-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.14.1-0ubuntu3.2
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Tue Jun  3 09:17:51 2014
  InstallationDate: Installed on 2014-04-24 (39 days ago)
  InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
  SourcePackage: gcr
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/gnome-keyring/+bug/1325833/+subscriptions