From xemacs-m  Sat Aug 23 14:15:52 1997
Received: from axl01it (axl01it.ntc.nokia.com [131.228.118.232])
	by xemacs.org (8.8.5/8.8.5) with ESMTP id OAA24429
	for <xemacs-beta@xemacs.org>; Sat, 23 Aug 1997 14:15:51 -0500 (CDT)
Received: from zeus.tele.nokia.fi (zeus.tele.nokia.fi [131.228.134.50]) by axl01it (8.8.5/8.6.9) with SMTP id WAA29420 for <xemacs-beta@xemacs.org>; Sat, 23 Aug 1997 22:15:48 +0300 (EET DST)
Received: from pegasus.tele.nokia.fi (pegasus.ntc.nokia.com [131.228.169.148]) by zeus.tele.nokia.fi (8.6.4/8.6.4) with ESMTP id WAA12527 for <xemacs-beta@xemacs.org>; Sat, 23 Aug 1997 22:18:36 +0300
Received: (from jaalto@localhost) by pegasus.tele.nokia.fi (8.7.5/8.7.1) id WAA12684; Sat, 23 Aug 1997 22:15:50 +0300 (EETDST)
Date: Sat, 23 Aug 1997 22:15:50 +0300 (EETDST)
Message-Id: <199708231915.WAA12684@pegasus.tele.nokia.fi>
From: Jari Aalto <jaalto@tre.tele.nokia.fi>
To: xemacs-beta@xemacs.org
Subject: PGP security threat alert
X-info: Emacs tiny tools: ftp://cs.uta.fi/pub/ssjaaa/
Reply-to: <jari.aalto@poboxes.com> (pgp preferred ssjaaa@uta.fi | pgp -fka)
X-Pgp-Signed: Id=0x47141D35; Comment="Processed by Emacs TinyPgp.el 1.257";
  SignedHeaders=Subject, Reply-to; 
  Version=2.6.3ia; Charset=noconv; Signature=
  "iQBVAwUBM/824sC67dVHFB01AQFHqQH5ASu1M1dJ+dGx3TqOA6SLaohbE/xsUKAI"
  "+7NglIj0tq6ELpAlN1+YJlaOXT9MKq2x1XRmD7cEF56fQwhX4hWMYQ=="
  "=RvaS"
Mime-Version: 1.0 (generated by tm-edit 7.106)
Content-Type: text/plain; charset=US-ASCII

        Hi,

        I have just found out that XEmacs records everything to the
        *lossage* buffer (C-h l). When I ask password from
        the echo area by turning off the character echo, anyone
        can still snoop what I typed by just issuing

            C-h l   view-lossage

        Since I'm writing 2nd generation Emacs PGP interface, this
        is a very serious threat. I'm very much afraid that
        my PGP passwords are directly available and that
        there is no lisp way to wipe the C-h l log.

        I'd like to see that there would be some (any) way
        to tell emacs "Do not log any typing during reading input"

        Please add some such feature as soon as possible.

        Regards,
        jari

