[pass] [ANNOUNCE] pass v1.5 released, with support for 'team pass'

Jason A. Donenfeld Jason at zx2c4.com
Sat Apr 12 21:32:53 CEST 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi folks,

Pass is the standard unix password manager. We have just finished version 1.5.

This is a massive release, coming around 18 months since our last. We've
incorporated tons of fixes and added some nice new features, including the
much demanded "team pass" support, allowing pass to be used with multiple gpg
keys in a variety of settings.

== Password Store on the Web ==

* Our homepage:
  <http://www.zx2c4.com/projects/password-store/>

* Man page:
  <http://git.zx2c4.com/password-store/about/>

* Git repository:
  <http://git.zx2c4.com/password-store/>
  <git://git.zx2c4.com/password-store>

* Mailing list:
  <http://lists.zx2c4.com/mailman/listinfo/password-store>
  <mailto:password-store at lists.zx2c4.com>


Without further ado, here's what's new in version 1.5.

== Features ==

* Team pass is now possible! At last! Each .gpg-id file may contain multiple
  IDs, separated by a new line, and `pass init` now takes multiple options for
  specifying multiple keys with which to populate .gpg-id.

* Different directories may now have their own .gpg-id, and `pass init` has
  now learned a -p/--path switch for writing this file. This may be used to
  have different access permissions for different sub-folders.

* All temporary files, even ones that exist merely in a tmpfs ram disk, are
  overwritten with random data before deletion, using shread or wipe,
  depending on the platform.

* If git is in use, all commits can be signed with the "user.signingkey" ID if
  "pass.signcommits" is enabled in git-config. This protects against remote
  tampering.

* Clipboard selection can now be overwritten using the
  PASSWORD_STORE_X_SELECTION environment variable, and the timeout time before
  restoring the clipboard can be overwritten using PASSWORD_STORE_CLIP_TIME.

* The umask can now be overwritten with the PASSWORD_STORE_UMASK environment
  variable.

* gpg v1 can be used, in addition to the already supported v2


== Bug Fixes ==

* Do not race between clipboard restoration instances at once
* We now properly follow symlinks with tree and with reencryption
* Fix conflict between passwords and directories with the same name
* Bash completion goes in the correct folder
* Many bash and sed simplifications and optimizations
* `mktemp` now uses the correct argument order
* We no longer use GPG compression, due to security concerns
* Documentation improvements
* Bash, zsh, and fish completion clean-ups
* Lots of import script fixes
* Non-recursive makefile
* On re-encryption in `pass init`, a pipe failure no longer blanks file


== New Import Scripts from Contributors ===

* KED password manager
* Revelation password manager
* Keepass2 password manager
* Gorilla password manager
* Pwsafe password manager


== Other Contributed Projects ==

* A firefox plugin
  <https://github.com/jvenant/passff#readme>
* An iOS app
  <https://github.com/rephorm/pass-ios#readme>
* A dmenu script
  <https://github.com/cdown/passmenu#readme>


Moving forward we've got some nice things planned, such as finally adding a
`pass search` command, and other commonly requested features.


== Downloading v1.5 ==

* <http://git.zx2c4.com/password-store/snapshot/password-store-1.5.tar.xz>
  766915f15ad7b5e94b720d62fca5bf4acae961c2 (sha1)
  ca094372e1eec8c857b2f6ace09fb723 (md5)

* The tag 1.5 is signed with my gpg key:
  <http://zx2c4.com/keys/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc>


Thanks to all the contributors who made this release happen! There's been a
lot of churn this release, so if I've broken anything, expect a .1 soon. In
either case, packagers: bump your packages.

Jason
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJTSZS8AAoJEEn8cBKl3gOuXz8QALft6O/gxQYK9qUXM5Rg9iyN
ZCvUxRxReBc3jsmDOjBpXe7rQQWWjDhb2qix+F/LFPuPQ6yLp2R5oMpkEGuY9v/R
bsBq3jRee4VqOemI5QvwEM+qX+jQu3J4hCx++0NuiqEQV99e0R3wQsiPpVe8gSMm
KsiAZECalLfbT3f8nxqSGezAO8XERN8xDW/Uvgvwh8k/MhRp48lrhr0BoxXA6EgX
bX2wzvU76IWzHitmj+qEIiyqUIkTNViHD9lRwl8le1ir9MR1DIkLDvZpsRfvIZaJ
YlkEvBRWsjVIQmLLMKkKyG+2fbm8dfoKGeTv0mtuVhazEmqZaie/A09c0tEfQc+u
OhYfEtub7oMY8aEMOC64ggJk66gGxu3dwSP28Ijcd85P1xdznssEr0Cckq43eXyA
KteD4+4wbZm6WFckDdTHWIH9yBzb1Z7b4bh27d9ZNq4w6uoRniHRU1bDdfarGiNr
JRFK9NHFtlcKH/jKkN+bnRBIM0/V9YGbHp0hRkDJp9hR8LoPBBGUbJmmTt099wsm
CGz+yufG03IblMnZ7ilU2e0LIrfZMGCDGDcbn3f0OqiY3sy4nVDovuYQsbRhN6tr
SzFTIE6GkaLfh5zaNana8/GyfE9aW+8bc+TLeThcffna5gJ6XYNj6n2LBApmSZJD
WH7FCFQCAY74RW9PlrDY
=qdBY
-----END PGP SIGNATURE-----

More information about the Password-Store mailing list