GNOME Bugzilla – Bug 419901
gpg passphrase cached by evolution
Last modified: 2008-01-22 18:20:57 UTC
The bug has been opened on https://launchpad.net/bugs/92725 "Evolution caches my gpg passphrase (because I ask it to), but this makes sending in backtraces for evolution impossible, because I can't be sure its not in the core dump. Evolution really should use gnome-gpg instead and thus never have access to my gpg keyring. affects /ubuntu/evolution -- GPG key available at: <http://www.robertcollins.net/keys.txt>."
the gpg code doesn't cache the passphrase, the gpg agent might tho...
Sure about this? Evolution's 'Enter Passphrase' dialog box has a 'Remember this passphrase for the remainder of this session' checkbox...
You must be using an old gpg? The newer versions of gpg request a passphrase via the gpg-agent which is forced upon you (there's no way to disable it afaict, because I've personally tried). As far as submitting bug reports about evo and being worried his passphrase is in there... why not just grep for his passphrase? if it doesn't turn up, then it's not in there. If it is, he can XXX it out or whatever. And all this assumes he's using an old version of gpg which doesn't force the gpg-agent on you. Anyways, I'm not convinced this is a "bug" or that it needs fixing even if people are able to get the Evolution passphrase dialog because they use an old gpg. The Evolution gpg passphrase prompt remains as backward compatibility :) If you don't want Evolution to ever get a copy of your gpg passphrase, then install a newer gpg that forces the gpg-agent (which bypasses Evolution's gpg passphrase request).
Oh, that's neat... but camel seems to be hardcoded to call gpg rather that gpg2. :)
gpg isn't a symlink to gpg2 on your system? :(