Security Vulnerability: Faulty GPG Signature Checking

Kevin Lyda kevin at ie.suberic.net
Fri Jun 15 16:00:55 CEST 2018


Close to what I do - I keep a copy in my vcsh home repo.

Kevin

On Fri, Jun 15, 2018 at 2:55 PM Steve Gilberd <steve at erayd.net> wrote:

> One other thought regarding the choice of language. I personally keep a
> copy of pass stored *inside my pass git repository*, so that I can still
> easily use it on systems where pass is not installed without adding too
> many extra steps. Bash is everywhere, which makes it extremely portable.
>
> It's fairly common for me to use it from a live distro (typically
> sysresccd), and sometimes on some other system that isn't mine.
>
> Cheers,
> Steve
>
> On Sat, 16 Jun 2018 at 01:49 Steve Gilberd <steve at erayd.net> wrote:
>
>> On Sat, 16 Jun 2018 at 01:36 Ben Oliver <ben at bfoliver.com> wrote:
>>
>> > I don't think that 'simple' necessarily means bash.
>>
>> It doesn't - 'simple' and 'written in bash' were two separate points. I
>> was endorsing bash, because:
>>  (a) bash is something I already know and can easily audit; and
>>  (b) bash has no concept of packages which removes the temptation to
>> import arbitrary functionality.
>>
>> I don't have any objection to other languages in principle, but bash has
>> some compelling points that make it ideal *for my particular use-case*.
>>
>> > You know how pass works, even without looking at the source code.
>>
>> But I'm not looking at the source to figure out how it works. I'm looking
>> at the source to ensure it is trustworthy.
>>
>> Cheers,
>> Steve
>> --
>>
>> Cheers,
>>
>> *Steve Gilberd*
>> Erayd LTD *·* Consultant
>> *Phone: +64 4 974-4229 <+64%204-974%204229> **·** Mob: +64 27 565-3237
>> <+64%2027%20565%203237>*
>> *PO Box 10019, The Terrace, Wellington 6143, NZ*
>>
> --
>
> Cheers,
>
> *Steve Gilberd*
> Erayd LTD *·* Consultant
> *Phone: +64 4 974-4229 <+64%204-974%204229> **·** Mob: +64 27 565-3237
> <+64%2027%20565%203237>*
> *PO Box 10019, The Terrace, Wellington 6143, NZ*
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20180615/f2f31218/attachment.html>


More information about the Password-Store mailing list