Security Vulnerability: Faulty GPG Signature Checking

Steve Gilberd steve at erayd.net
Fri Jun 15 15:53:52 CEST 2018


One other thought regarding the choice of language. I personally keep a
copy of pass stored *inside my pass git repository*, so that I can still
easily use it on systems where pass is not installed without adding too
many extra steps. Bash is everywhere, which makes it extremely portable.

It's fairly common for me to use it from a live distro (typically
sysresccd), and sometimes on some other system that isn't mine.

Cheers,
Steve

On Sat, 16 Jun 2018 at 01:49 Steve Gilberd <steve at erayd.net> wrote:

> On Sat, 16 Jun 2018 at 01:36 Ben Oliver <ben at bfoliver.com> wrote:
>
> > I don't think that 'simple' necessarily means bash.
>
> It doesn't - 'simple' and 'written in bash' were two separate points. I
> was endorsing bash, because:
>  (a) bash is something I already know and can easily audit; and
>  (b) bash has no concept of packages which removes the temptation to
> import arbitrary functionality.
>
> I don't have any objection to other languages in principle, but bash has
> some compelling points that make it ideal *for my particular use-case*.
>
> > You know how pass works, even without looking at the source code.
>
> But I'm not looking at the source to figure out how it works. I'm looking
> at the source to ensure it is trustworthy.
>
> Cheers,
> Steve
> --
>
> Cheers,
>
> *Steve Gilberd*
> Erayd LTD *·* Consultant
> *Phone: +64 4 974-4229 **·** Mob: +64 27 565-3237*
> *PO Box 10019, The Terrace, Wellington 6143, NZ*
>
-- 

Cheers,

*Steve Gilberd*
Erayd LTD *·* Consultant
*Phone: +64 4 974-4229 **·** Mob: +64 27 565-3237*
*PO Box 10019, The Terrace, Wellington 6143, NZ*


More information about the Password-Store mailing list