Security Vulnerability: Faulty GPG Signature Checking
Matthieu Weber
mweber at free.fr
Fri Jun 15 07:57:57 CEST 2018
On Thu, 14 Jun 2018 at 05:11PM -0400, Mark Gardner wrote:
> On Thu, Jun 14, 2018 at 19:49:56 +0200, Tobias Girstmair wrote:
> > *simple* bash scripts I've found are either trivial or
> > {fragile,wrong,buggy,insecure}. Again, I'd support C (or anything widely
> > supported) for pass 2.0
>
> Lately I have switched all my C hacking over to Golang (Go). While pass
> would need to be compiled individually for each platform, it would keep
> portability, including Windows. We should seriously consider re-writing
> pass in Go.

It is very difficult to write correct programs in C, and very easy to
write C programs with security holes in them. Since the topic here is
security, I would advise against C. Go, Rust, Java even, or scripting
languages such as Python, Ruby or even Perl are probably safer than C (or
C++).
Matthieu
--
(~._.~) Matthieu Weber - mweber at free.fr (~._.~)
( ? ) http://weber.fi.eu.org/ ( ? )
()- -() public key id : 0x85CB340EFCD5E0B3 ()- -()
(_)-(_) "Humor ist, wenn man trotzdem lacht (Otto J. Bierbaum)" (_)-(_)