[pass] [PATCH] Allow custom subcommands
Brian Candler
b.candler at pobox.com
Tue Oct 4 07:40:45 CEST 2016
On 04/10/2016 05:45, Sylvain Viart wrote:
> Pass itself could be signed. By the user at init.
But why? Do you have a version of Linux which only executes signed
scripts/binaries?
As for the admin being tricked into installing a malicious plugin -
what's the difference between that and installing a malicious version of
'pass' itself?
The only protection for 'pass' is installing it from a trusted location,
and/or verifying the code by eye. Surely the same applies to plugins?
Regards,
Brian.
More information about the Password-Store
mailing list