# Beware of kgpg

## krotuss

Hi, to my great surprise, I have found out that when you launch *.gpg file using kgpg from dolphin, kgpg starts immediately (after providing passphrase for private key) writing decrypted content into the same location as original encrypted file was present. How cool is that? This is great especially if source location is r/w mounted insecure share... This is second time that I was let down by security related OS software. Another one was when kmail send mail that was supposed to be encrypted in plain text. I am starting to think that maybe leading "k" is common denominator here...

----------

## Zucca

If you can, write a patch and post it with a bug report for gentoo devs and for upstream also.

If not, then best is to just submit bug report to upstream at least.

I don't know if this is something GLSA would publish...

----------

