Group sharing security

Jason A. Donenfeld Jason at
Wed Jun 14 18:04:13 CEST 2017

>From the pass(1) man page section on environment variables:

             If this environment variable is set, then all .gpg-id
files and non-system extension files must be signed
             using a detached signature using the GPG key specified by
the full 40 character upper-case fingerprint in
             this variable. If multiple fingerprints are specified,
each separated by  a  whitespace  character,  then
             signatures must match at least one.  The init command
will keep signatures of .gpg-id files up to date.

More information about the Password-Store mailing list