[pass] [RFC][PATCH] create a default .gitignore for pass if not exists

Tobias V. Langhoff tobias at langhoff.no
Mon Aug 25 17:47:31 CEST 2014


On Mon, Aug 25, 2014 at 1:54 PM, Justus <justus.seifert at cloudandheat.com> wrote:
> Hello pass devs,
> I noticed that some users accidentally commit plain text passwords to
> shared repositories, because they sometimes use editors and gpg without
> invoking pass.  to remedy this problem, which leads to security
> problems, I propose this patch that would prevent accidental commit of
> unencrypted files in the password store

This is a good idea! I also think that pass should at some point,
perhaps during commit, let the user know that there are weird files in
their tree. Their mere existence is a security problem.

-- 
Tobias V. Langhoff


More information about the Password-Store mailing list