desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #122478
[Bug 1325833] Re: gnome-keyring has an inadequate man page and employs insecure defaults for GPG passphrase caching
** Changed in: gnome-keyring
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1325833
Title:
gnome-keyring has an inadequate man page and employs insecure defaults
for GPG passphrase caching
Status in GNOME keyring services:
Confirmed
Status in gnome-keyring package in Ubuntu:
Confirmed
Bug description:
The GCR package has no man page or other documentation that would explain how the GPG passphrase caching is configured.
For a package that deals with a critical piece of security infrastructure that is not acceptable.
It defaults to caching GPG passphrases for the whole session which
again is not good security practice.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: gcr 3.10.1-1
ProcVersionSignature: Ubuntu 3.13.0-27.50-generic 3.13.11
Uname: Linux 3.13.0-27-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
CurrentDesktop: XFCE
Date: Tue Jun 3 09:17:51 2014
InstallationDate: Installed on 2014-04-24 (39 days ago)
InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
SourcePackage: gcr
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/gnome-keyring/+bug/1325833/+subscriptions