From f060cb5c63923d6caec784f65f3bb0aadf52f795 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 6 Mar 2018 16:22:42 +0100 Subject: agent: Also evict cached items via a timer. * agent/cache.c (agent_cache_housekeeping): New func. * agent/gpg-agent.c (handle_tick): Call it. -- This change mitigates the risk of having cached items in a post mortem dump. GnuPG-bug-id: 3829 Signed-off-by: Werner Koch --- doc/gpg-agent.texi | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 3e8bd894d..4781bbdca 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -403,7 +403,10 @@ control this behavior but this command line option takes precedence. Set the time a cache entry is valid to @var{n} seconds. The default is 600 seconds. Each time a cache entry is accessed, the entry's timer is reset. To set an entry's maximum lifetime, use -@command{max-cache-ttl}. +@command{max-cache-ttl}. Note that a cached passphrase may not +evicted immediately from memory if no client requests a cache +operation. This is due to an internal housekeeping function which is +only run every few seconds. @item --default-cache-ttl-ssh @var{n} @opindex default-cache-ttl -- cgit v1.2.3
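Review bot: The sentence added in the doc/gpg-agent.texi hunk (@@ -403,7 +403,10 @@) is missing a verb: "a cached passphrase may not evicted immediately from memory" should read "may not be evicted immediately from memory". The delay is also given only as "every few seconds". Since the commit message presents the timer as a mitigation for cached items showing up in a post mortem dump, the text would be more useful if it stated the upper bound on how long an expired entry can remain in memory after its TTL, or at least said that the bound is the agent's tick interval (handle_tick, per the commit message). The note is attached only to this option, while the next item in the hunk context is --default-cache-ttl-ssh; consider whether that entry should carry the same caveat or a cross-reference to it.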