--- /dev/null
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by arlo.cworth.org (Postfix) with ESMTP id E26F66DE178F\r
+ for <notmuch@notmuchmail.org>; Fri, 15 Jan 2016 11:12:00 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at cworth.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -0.025\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-0.025 tagged_above=-999 required=5\r
+ tests=[AWL=-0.025] autolearn=disabled\r
+Received: from arlo.cworth.org ([127.0.0.1])\r
+ by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id RpBJSWAXJMlN for <notmuch@notmuchmail.org>;\r
+ Fri, 15 Jan 2016 11:11:59 -0800 (PST)\r
+Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])\r
+ by arlo.cworth.org (Postfix) with ESMTP id 4551D6DE0A87\r
+ for <notmuch@notmuchmail.org>; Fri, 15 Jan 2016 11:11:59 -0800 (PST)\r
+Received: from fifthhorseman.net (unknown [38.109.115.130])\r
+ by che.mayfirst.org (Postfix) with ESMTPSA id D0D00F984;\r
+ Fri, 15 Jan 2016 14:11:55 -0500 (EST)\r
+Received: by fifthhorseman.net (Postfix, from userid 1000)\r
+ id 474F72002F; Fri, 15 Jan 2016 11:11:55 -0800 (PST)\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+To: Tomi Ollila <tomi.ollila@iki.fi>, David Bremner <david@tethera.net>,\r
+ Notmuch Mail <notmuch@notmuchmail.org>\r
+Subject: Re: [PATCH 7/9] add a gpg_path value for notmuch_database_t\r
+In-Reply-To: <m21taqbnt8.fsf@guru.guru-group.fi>\r
+References: <1449718786-28000-1-git-send-email-dkg@fifthhorseman.net>\r
+ <1449718786-28000-8-git-send-email-dkg@fifthhorseman.net>\r
+ <m21tas7ifa.fsf@guru.guru-group.fi> <87mvtgfws4.fsf@alice.fifthhorseman.net>\r
+ <87d1ubdu0k.fsf@zancas.localnet> <m24mfmbolm.fsf@guru.guru-group.fi>\r
+ <m21taqbnt8.fsf@guru.guru-group.fi>\r
+User-Agent: Notmuch/0.21+66~g8c19a9a (http://notmuchmail.org) Emacs/24.5.1\r
+ (x86_64-pc-linux-gnu)\r
+Date: Fri, 15 Jan 2016 14:11:55 -0500\r
+Message-ID: <871t9i7j44.fsf@alice.fifthhorseman.net>\r
+MIME-Version: 1.0\r
+Content-Type: text/plain\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.20\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch/>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Fri, 15 Jan 2016 19:12:01 -0000\r
+\r
+On Sun 2015-12-13 06:17:07 -0500, Tomi Ollila wrote:\r
+> Actually now that I sent this mail it kept rolling on my mind... If anyone\r
+> else than me (and libgpgme?) thinks that '.' should not be in search path\r
+> we could do\r
+\r
+fwiw, i agree that . should *not* be in the search path.\r
+\r
+> if (getenv("PATH") == NULL) {\r
+> path_set = true;\r
+> setenv("PATH", "/bin:/usr/bin", 1); // XXX *BSD configurability //\r
+> }\r
+> else path_set = false;\r
+>\r
+> ... g_find_program_in_path("gpg2")\r
+> ... g_find_program_in_path("gpg")\r
+>\r
+> if (path_set) {\r
+> unsetenv("PATH");\r
+\r
+I'm game for something like this, but i've got a queue of patches i'm\r
+about to send that would provide a different place to make this change,\r
+so i'm not making it now. please keep this in mind, though :)\r
+\r
+> I also thought of examining the return value starting with ./ but\r
+> (current or) future version of g_find_program_in_path() might\r
+> canonicalize the returned path...\r
+\r
+i'm not sure what this suggestion means -- do you mean checking to see\r
+whether the returned value started with ./ ? If so, I agree that this\r
+seems like a not very robust way to protect against this problem.\r
+\r
+Should we maybe also be reporting this as a bug against\r
+g_find_program_in_path ?\r
+\r
+ --dkg\r