Vincent Breitmoser

For non-cached ones, we can just delete them on screen lock - no reason to keep them around at all :) Such an option would be the way to go,...

That would require significant rewrites to the PassphraseCacheService, and opens up a number of new problems, e.g. how to deal with subkeys. It's also not the direction we want to...

It pains me to say, but the Android keystore doesn't seem to be a reasonable option at this point: https://doridori.github.io/android-security-the-forgetful-keystore/

Android KeyChain is for X509 certificates, I really don't see how those could be useful for us.

To be honest, keeping a signing key in the authentication slot and using it for signing sounds like a hack. But I would not be opposed to using the auth...

I'm [two layers downstream](https://gitlab.com/hagrid-keyserver/hagrid) and needed this, so I implemented an RFC 2047 encoder. It doesn't tick all of the boxes from above yet, but I believe it does q-encoding...

getting this same segfault and another one on test #14 on an up to date debian wheezy as well

phewww. zsh env files do really arbitrary stuff, we can't hope to reliably deal with that in the general case. the "for powerlevel10k we'll need to disable the prompt twice"...

If I'm reading that code right, the locale part (so `-Lo` out of `ln-Lo`) is simply ignored? I believe it is very important to support this because of the Chinese...

guess this one's done?