On 5/18/20 12:03 AM, Andreas Schwab wrote:
> On Mai 17 2020, Paul Eggert wrote:
> 
>> That would run afoul of the whole idea of clearing the string in the first
>> place, which was to avoid having one's password lying around in memory for a bad
>> actor to grab it.
> 
> But doing it in the caller is equally bad.

True, thanks, I installed the attached.