question on security

Greg Minshall minshall at acm.org
Tue Jan 30 13:40:54 CET 2018


Guthrie, Ben, Kenny, Martin,

thanks for all the replies.  mass itemized reply (inconsequential).

1. yes, it's Mingshen Sun's ios app i was looking at.

2. i should figure out multiple keys in general, for password-store in
particular.  (gpg* scares me (**).)  that would probably be a win, given my
level of paranoia.

3. i don't encrypt e-mails.  (more paranoia: it's going to end up as
plain text on Bob's computer and i can't really think of a Bob i trust
-- including Alice, i.e., me -- not to leak, allow leaking. :)

4. thanks for the (two separate!) pointers to git-remote-gcrypt.  i
guess too bad it's not yet an option.  (nor tomb.)

5. the idea of using a private git repo host makes sense.

(i *said* "inconsequential", right? :)

again, thanks.  cheers, Greg

(**) pulpit: i hate that gpg* will leave a decrypted file laying around
without warnings, flashing lights, etc.  it should at *least* require a
single, dedicated "--LEAK" flag, something like that.  otherwise, the
idiot new user (me) is likely to leak left, right, and center.


More information about the Password-Store mailing list