[pass] New version with new features

Chris Down chris at chrisdown.name
Sat Dec 7 22:40:06 CET 2013 

Hey,

On 2013-12-07 21:20:42 +0000, Matthew King wrote:
> I feel really bad about writing a new version of pass, but I just kept on
> hacking and it sort of happened. I emailed Jason before uploading this to
> github but I got bored and hacked on it some more so I feel like I
> shouldn't keep it to myself any more as I've not heard back from him.

I wouldn't feel bad about it, as long as you attribute correctly.

Jason seems to reply sporadically even on this list, I wouldn't read
into it too much. I certainly have patches still waiting from months ago
due to that.

> It takes basically the same filesystem structure as pass (the gpg key is
> now stored in .keyids) and the command-line interface should be compatible,
> but it changes the gpg interaction to add new features:
> 
> Multiple destination keys. The keys to encrypt to can be set on a
> (recursively) per-directory and per-password level, and on the command-line.

Yay.

> Thorough audit trail (optional).

No idea what this means, but if it's just attributing changes, why not
just do it through git?

> Signable passwords (still quite hacky and entirely unused).

"Signable"? If you're referring to having it signed by PGP, that already
happens implicitly as part of the encryption process.

> Git made entirely optional.

Ouch.

> Splittable into API and CLI.

In my opinion, overengineering.

> Insert/get/edit/delete multiple keys in one invocation.

Yay.

> Pretty-print output. If each password requested is a YAML document,
> multiple passwords are returned as a YAML stream.

Ouch.

> With all that, however, it is a far less tested and documented project
> (it's less than a week old), there are features I have yet to implement
> (especially portability), and I have already noticed more bugs pass has
> already fixed. I'm definitely not recommending people use another-pass
> until it is more thoroughly vetted, but perhaps as a proof-of-concept.

I see a lot of wordsplitting bugs which should be easy to fix. If you're
not sure when it's appropriate to quote, you should probably be doing it
all the time.

> Thanks, and sorry!

I'm not sure why you're so apologetic :-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20131207/807cdb60/attachment.asc>

More information about the Password-Store mailing list