Security Vulnerability: Faulty GPG Signature Checking
Tobias Girstmair
junkgir-passwd at yahoo.de
Fri Jun 15 14:13:22 CEST 2018
On Fri, Jun 15, 2018 at 08:57:57AM +0300, Matthieu Weber wrote:
> It is very difficult to write correct programs in C, and very easy to
> write C programs with security holes in it. Since the topic here is
> security, I would advise against C. Go, Rust, Java even, or scripting
> languages such as Python, Ruby or even Perl are probably safer than C (or
> C++).
I should've probably phrased that very differently. What I meant to say
was I'd support a pass 2.0 written in a language that is an integral
part of the GNU/Linux/BSD/etc ecosystem[1]. A scripting language like
Python or Perl[2] would be very good options IMO.
What I failed to communicate was that I don't want to have to install a
whole load of dependencies, be it a Rust[3] or Go compiler or let alone
npm/nodejs.
[1]: By that I mean something that is pre-installed on most systems,
which I believe both Perl and Python are.
[2]: I've recently fallen in love with Perl. Feels like a shell, but way
more powerful.
[3]: Not only do none of my systems come with a Rust (or Go) toolchain,
so many Rust projects list "curl some-rust-distro.com | sudo bash"
as step one of the install procedure - I'm not installing anything
that's not packaged by my OS distribution (for me that even means
no PyPI/pip or CPAN).
--
gir.st