[pass] [PATCH] Team pass: enable multiple keys and per directory
Jan-Frode Myklebust
janfrode at tanso.net
Wed Mar 19 18:06:52 CET 2014
> Den 19. mars 2014 kl. 14:01 skrev Josh Cartwright <joshc at eso.teric.us>:
>
> Perhaps instead of maintaining a .gpg_id key list, a keyring with the
> teams' public keys should be used.
I agree it's a pain to distribute, and change keys, but am uncertain about if I'd want to blindly trust a keyring distributed together with the password store. Actually, even trusting the list of keyid's instead of a group name defined outside of the git repo is opening up an easy attack by changing the list of id's git-serverside to steal new passwords.
The .gpg_id (or keyring) should probably be signed by someone we trust outside of the password-store before use.
-jf
More information about the Password-Store
mailing list