[pass] Signing individual pass files

[Allan Odgaard]

On 21 Jul 2014, at 12:28, James Wald wrote:

> […] It would have to add the '--sign' option […] need to validate 
> signatures against trustdb.gpg. I
> feel that gpg's signing is the right solution for this problem […]

And the problem is that untrusted people can write to your password 
store?

Using GPG signing would not be how I would solve such problem, and I 
wouldn’t consider it an acceptable solution. Say you need the password 
for foo at example.com and ‘pass’ reports that this password is not 
signed by a trusted user, so now what?