> If I understand the explanation of the patch, it sounds like it > violates the point of having the pgp/gpg password expire which is > that the mutt user must provide the password to limit the damage > done if someone else gains access to the mutt session. Extending > the cache time of the password allows more spoofed e-mails. While this might be true, the trade-off is that I can now set a much lower timeout value. I used to have a timeout value of 15 minutes because I got tired of entering my passsphrase so often. Now my timeout is set to 60 seconds. By my reckoning, this substantially reduces the likelihood of someone gaining access to my mutt session. Ben
Attachment:
pgpB7FuauFNee.pgp
Description: PGP signature