On Sun, Feb 01, 2004 at 06:54:50PM +0100, Thomas Roessler wrote: > Sounds good to me. Any thoughts from others? If I understand the explanation of the patch, it sounds like it violates the point of having the pgp/gpg password expire which is that the mutt user must provide the password to limit the damage done if someone else gains access to the mutt session. Extending the cache time of the password allows more spoofed e-mails. > On 2004-01-19 15:08:31 +1100, Ben Elliston wrote: > > From: Ben Elliston <bje+dated+1074917314.d5e4f1@xxxxxxxxxx> > > To: mutt-dev@xxxxxxxx > > Date: Mon, 19 Jan 2004 15:08:31 +1100 > > Subject: PGP timeout patch > > X-Spam-Level: * > > > > The following (rough) patch refines the PGP passphrase timeout > > mechanism, such that sending a message with a cached passphrase will > > restart the expiry timer. This has the advantage that: > > > > * sending a continuous stream of messages will prevent Mutt > > from repeatedly asking for the passphrase, irritating the user; > > > > * the user can choose a much lower timeout value as a result. > > > > If the idea of this patch is acceptable, I will tidy it up, make sure > > that the patch applies cleanly to CVS head and test it. > > > > Cheers, Ben > > > > --- pgp.c.orig 2002-01-10 02:39:28.000000000 +1100 > > +++ pgp.c > > @@ -55,7 +55,7 @@ > > > > > > char PgpPass[STRING]; > > -static time_t PgpExptime = 0; /* when does the cached passphrase expire? */ > > +time_t PgpExptime = 0; /* when does the cached passphrase expire? */ > > > > void pgp_void_passphrase (void) > > { > > > > --- send.c.orig 2002-01-31 09:50:59.000000000 +1100 > > +++ send.c > > @@ -1611,6 +1611,13 @@ full_fcc: > > } > > } > > > > +#ifdef HAVE_PGP > > + { > > + /* Extend the expiry time while messages keep getting sent. */ > > + extern time_t PgpExptime; > > + PgpExptime = time (NULL) + PgpTimeout; > > + } > > +#endif /* HAVE_PGP */ > > > > rv = 0; > > > > -- > Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>. -- Will Fiveash (signing my e-mail with GnuPG so you'll know this came from me and not a virus. My key ID is 7D31DC39. Key server: www.keyserver.net)
Attachment:
pgpuZI4bbz47Q.pgp
Description: PGP signature