[Gpg4win-devel] web page about reporting a bug
Werner Koch
wk at gnupg.org
Thu Aug 3 18:09:14 CEST 2006
On Thu, 3 Aug 2006 15:24, Bernhard Reiter said:
> b) The logging method we describe should not be one where the user
> needs to delete passwords from the text. This seems to unsecure to me.
> If we fail the logging method that is save against listing passwords,
> we should better not list it.
Attaching a debugger (that is what GPGME_DEBUG actually is) will
always reveal passwords. Thus we need to make the user aware of it.
Passwords done through the regular gpgol logging are hidden. But
well, tehre might be a bug thus it is always good to check for this.
Shalom-Salam,
Werner
More information about the Gpg4win-devel
mailing list