Unlocking SSH keys or GnuPG keys on Ubuntu may result in (a lot of) debug infos logged to /var/log/auth.log - those lines should neither
* end up in auth.log nor
* be permanently stored anywhere on a default install.

Steps to reproduce:
1. install on Ubuntu 16.04: gnupg2, pinentry-gnome3
2. $ sudo update-alternatives --config pinentry
3. $ gpg2 --gen-key
4. $ gpg2 --use-agent --sign message.txt  # will use pinentry
5. $ sudo tail /var/log/auth.log

Sample messages (for more, see launchpad):
 Jan 12 10:55:43 sys gcr-prompter[7123]: Gcr: deriving shared transport key
 Jan 12 10:55:43 sys gcr-prompter[7123]: Gcr: deriving transport key
 Jan 12 10:55:43 sys gcr-prompter[7123]: Gcr: starting password prompt for callback /org/gnome/keyring/Prompt/p4@:1.2
 Jan 12 10:55:43 sys gcr-prompter[7123]: Gtk: GtkDialog mapped without a transient parent. This is discouraged.
 Jan 12 10:55:44 sys gcr-prompter[7123]: Gcr: completed password prompt for callback :1.2@/org/gnome/keyring/Prompt/p4

Please help investigating where this is happening; i have not been able to pinpoint the cause:
* gcr/gcr
* gcr/debian
* pinentry/gnome3
* pinentry/debian
* ..

Please clarify whether the "sending secret exchange" debug message could, under any circumstances, contain information that could disclose anything about the nature of the pins that have been entered, other than providing a detailed log of all pin entry events (by itself not exactly desirable).

https://bugs.launchpad.net/ubuntu/+source/gcr/+bug/1533267
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1576650

Note that a similar problem existed in 2.92~2.30 in 2010, debian/unstable changelogs reference it:
http://bazaar.launchpad.net/~ubuntu-branches/debian/squeeze/gnome-keyring/squeeze/revision/86#debian/patches/10_debugging_output.patch