Describe the bug
config/oauth.go and the PGP keyring have no read/write coordination. If the user re-imports a key while a decryption goroutine is mid-read of the keyring file, the decryption can fail spuriously or load a partially-written keyring.
Expected behavior
Read/write lock on keyring access. Atomic write for keyring updates (write-temp + rename).
Why it's hard
The PGP code is tangled with os.ReadFile calls scattered across the codebase. A clean fix needs a single keyring accessor with all reads going through it.
Describe the bug
config/oauth.goand the PGP keyring have no read/write coordination. If the user re-imports a key while a decryption goroutine is mid-read of the keyring file, the decryption can fail spuriously or load a partially-written keyring.Expected behavior
Read/write lock on keyring access. Atomic write for keyring updates (write-temp + rename).
Why it's hard
The PGP code is tangled with
os.ReadFilecalls scattered across the codebase. A clean fix needs a single keyring accessor with all reads going through it.