Security Vulnerability: Faulty GPG Signature Checking

[Daniel Long Sockwell]

I'll chime in as one more voice in favor of keeping pass as a shell
script.  It's a big part of what drew me to pass in the first place.
There are a lot of other password managers, but there aren't any that
are nearly as transparent as pass.

Best,
Daniel
On 06/15, Héctor Rivas Gándara wrote:
> > what initially drew people to pass over other (perhaps more conventional
> database-backed) solutions
> 
> In my case, this:
> 
> $ gpg -d < ~/.password-store/test/hello.gpg
> 
> ;)
> 
> -- 
> Héctor Rivas
> 
> On Fri, Jun 15, 2018 at 8:32 AM, Ben Oliver <ben at bfoliver.com> wrote:
> 
> > On 18-06-15 09:16:27, Volkan Yazıcı wrote:
> >
> >> I see the point of replacing bash with another programming language, that
> >> being said, I feel the urge to say something about this without falling
> >> into the trap of ranting about programming languages. One of the key
> >> points
> >> of pass that was really the selling point for me was, apart from perfectly
> >> solving the problem it was designed to solve, the transparency of the
> >> implementation.
> >>
> >
> > This is it for me too. The design is so simple that the drawbacks, like
> > having the file names exposed, are immediately obvious to any newcomer.
> > There are no nasty suprises down the line - it's just gpg and git.
> >
> > I'm not saying that moving away from bash is a bad idea, just that it is
> > important to think about what initially drew people to pass over other
> > (perhaps more conventional database-backed) solutions.
> >
> > _______________________________________________
> > Password-Store mailing list
> > Password-Store at lists.zx2c4.com
> > https://lists.zx2c4.com/mailman/listinfo/password-store
> >
> >

> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store