[PATCH] Added way to insert files, modified help accordingly. Added -h as additional help parameter

David A. listmail at cox.net
Sun Jan 29 19:48:22 CET 2017


On Fri, 27 Jan 2017 15:02:45 -0300, HacKan <hackan at gmail.com> wrote:

[I just realized I didn't "reply all" yesterday so my recent replies
only went to the OP]


I don't think you should have added in the '-h' option within this
patch simply because it's unrelated.

I also think this error message should include the file name:

	die "File is not valid."

It's all too easy to type something like "pass insert US Bank" and
forget to escape or quote the space and then wonder why your error
message is happening.

Overall this is a fairly reasonable attempt at the solution.  However,
I think it requires more pause for thought.  This patch expands the
official scope of pass from being strictly a password only store to a
general purpose encrypted store for any and all random files.  Heck,
today it doesn't even officially support usernames in any meaningful
way.

This change in direction opens a huge can of worms.  The next obvious
need would be to have pass launch whatever programs are needed to view
whatever random files are stored.  That is a complete nightmare when
you consider the cross-platform nature of pass.  Then there's the
security implications of how to launch the decrypted file, where it
might be stored while in use, will  it be removed when done, etc.

Personally, I do like the idea of this patch and what it provides, but
I don't think that pass should accept the overreaching implications of
it.

The fact is, the functionality of this patch already exists today in a
slightly less obvious way.  That was already demonstrated in your
earlier thread.  It's easy enough to have your own external script
that makes this process seamless.  With the new extension capability
that external script can now appear to be an official pass subcommand.
That's the route I think you should go.

On that note, I think Jason should add a section to the web page for
browsing and downloading user written extensions.  Though I'm not sure
the extension functionality is fully fleshed out yet.

[the following not directed at HacKan]

Too many people think that every little function they dream up needs
to be built in to pass.  They forget that pass is intended to be a
simple scriptable piece of the UNIX CLI tool chain which opens vast
possibilities for extending the functionality.



More information about the Password-Store mailing list