Thoughts on GnuPG and automation

Brian Minton brian at
Tue Mar 3 16:23:13 CET 2015

It breaks mailpile because gpg-agent is not session aware.  A user could
be logged in locally, using mailpile, and a remote attacker could access
the web interface of that locally running mailpile instance, which since
it is talking to the same gpg-agent, would think the remote user is
logged in (or more precisely, has the private key).

I think that one solution would be to have mailpile use a per-session
gpg home dir.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 274 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150303/00a43a6a/attachment.sig>

More information about the Gnupg-users mailing list