Re: Fix needed for communication with gpg-agent

[Richard Stallman]

    > We need to solve this problem one way or another now, because we
    > decided to fix a certain security hole by telling users to use
    > gpg-agent.  We don't need the most elegant possible fix, but we
    > need something reasonable to use.

    Has anyone ever said that not using gpg-agent causes a security hole
    (except for you)?

What a silly question!  I am not an expert on security, so such a
concern idea would NEVER originate from me.  Thus problem was
described in this list by others, a few months ago.

      Basically, the worry is that someone could somehow
    change the Elisp code in your Emacs session so that it records your
    passphrase as you are entering it.  This is a non-zero but minuscule
    risk.

I think he could also walk up to your terminal after you have entered
the passphrase, and get it out of data remaining in Emacs.

In the discussion when this was raised, people seemed to agree
it was a problem we should fix.  And the only fix was to avoid
storing passphrases in Emacs.