[sylpheed:33556] Re: PGP decrypted messages in ~/.sylpheed-2.0/mimetmp for too long?
Jan Stępień
jan at stepien.cc
Sun Jan 17 09:14:11 JST 2010
On Sat, 16 Jan 2010 23:45:41 +0100
Antonio Ospite <ospite at studenti.unina.it> wrote:
> when I open a PGP encrypted message sylpheed asks me the passphrase,
> decrypts the message and displays it, it also saves a decrypted copy
> (e.g. plaintext.00000001) of the message into ~/.sylpheed-2.0/mimetmp.
>
> The question is: shouldn't the decrypted copy on the filesystem be
> deleted as soon as the user selects another message (or avoided at
> all)? Right now sylpheed deletes it only when the whole program exits
> (or when it starts).
I'd say that for security reasons the decrypted version shouldn't be
stored in the file system at all - it should be placed in the memory.
Kind regards,
--
Jan Stępień <jan at stepien.cc>
More information about the Sylpheed
mailing list