[pass] copying usernames and urls

René Neumann lists at necoro.eu
Tue Apr 29 17:34:40 CEST 2014


Am 29.04.2014 17:17, schrieb Alfredo Pironti:
>>
>> If this is your point, doesn't the problem exist anyway? It can happen
>> the same, even if the command is not part of pass but external (or a
>> shell pipeline ...). The only reasonable thing here would be to have
>> educated users who 'know what they are doing' (i.e. for the example
>> above see the problem and change the pwd accordingly).
>>
> 
> I think it's a matter of separation of concerns (or "who to blame?").
> Sticking to Unix philosophy, each tool is good at doing one (its) thing.
> So if the firefox plugin uses a specific format and at some point fails
> in parsing it, you can blame the plugin rather than pass. Pass is kept
> simple and audited for its core tasks.
> 
> That said, I'm not defending this position too much. I'd just like to raise
> a flag
> about this potential issue, and the associated raise in complexity if a
> format gets handled by pass.

And now I understand, why you can live with adding it as an 'external'
command (via whatever mechanism): The functionality is the same, but it
is easier for the user to see, that this is not core functionality of
pass, and it might do bad things.

In my original defense of such 'helper shortcuts' in pass, I always
assumed, that this separation is clear to the user. But it definitely
holds that 'explicit is better than implicit'.

- René


More information about the Password-Store mailing list