confirmation for --export-secret-key

[Huels, Ralf KSV]

>     If you have acccess to .mutrc you have alos access to
>     .gnupg/secring.gpg - so who cares.
> 
> While I may not agree with the initial author's request to have a prompt
> for exporting the secret key, Werner's statement here is not necessarily
> correct, and implies people are only working with a 'standard' system.  

ACK. I would also assume that users might not take equal care installing
(e.g.) a new mutt distribution as they would installing a GnuPG update.
Checking authenticity of the source might be more obvious with crypto
software. So I would not assume equal security for all programs.

Of course, an atacker might sneak code into the mutt source that
can access secring.gpg directly, but that seems to be more effort than
simply adding a function that calls gpg to make it spill it´s guts.

Tschuess,
Ralf 

-- 
Ralf Hüls                                                  Bismarckplatz
KSV Kreditschutz-Vereinigung GmbH                           44866 Bochum
Score-Consult                                         Tel. 02327/9114-28
http://www.schufa.de/                                 Fax. 02327/8 40 27


 

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org