Security Vulnerability: Faulty GPG Signature Checking

Héctor Rivas Gándara keymon at gmail.com
Fri Jun 15 10:32:43 CEST 2018


> what initially drew people to pass over other (perhaps more conventional
database-backed) solutions

In my case, this:

$ gpg -d < ~/.password-store/test/hello.gpg

;)

-- 
Héctor Rivas

On Fri, Jun 15, 2018 at 8:32 AM, Ben Oliver <ben at bfoliver.com> wrote:

> On 18-06-15 09:16:27, Volkan Yazıcı wrote:
>
>> I see the point of replacing bash with another programming language, that
>> being said, I feel the urge to say something about this without falling
>> into the trap of ranting about programming languages. One of the key
>> points
>> of pass that was really the selling point for me was, apart from perfectly
>> solving the problem it was designed to solve, the transparency of the
>> implementation.
>>
>
> This is it for me too. The design is so simple that the drawbacks, like
> having the file names exposed, are immediately obvious to any newcomer.
> There are no nasty suprises down the line - it's just gpg and git.
>
> I'm not saying that moving away from bash is a bad idea, just that it is
> important to think about what initially drew people to pass over other
> (perhaps more conventional database-backed) solutions.
>
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20180615/40f25f25/attachment.html>


More information about the Password-Store mailing list