[pass] Signing individual pass files

Allan Odgaard lists+pass at simplit.com
Mon Jul 21 14:27:49 CEST 2014

On 21 Jul 2014, at 12:28, James Wald wrote:

> […] It would have to add the '--sign' option […] need to validate 
> signatures against trustdb.gpg. I
> feel that gpg's signing is the right solution for this problem […]

And the problem is that untrusted people can write to your password 

Using GPG signing would not be how I would solve such problem, and I 
wouldn’t consider it an acceptable solution. Say you need the password 
for foo at example.com and ‘pass’ reports that this password is not 
signed by a trusted user, so now what?

More information about the Password-Store mailing list