Security Vulnerability: Faulty GPG Signature Checking

Ben Oliver ben at bfoliver.com
Fri Jun 15 16:47:38 CEST 2018


On 18-06-16 01:53:52, Steve Gilberd wrote:
>One other thought regarding the choice of language. I personally keep a
>copy of pass stored *inside my pass git repository*, so that I can still
>easily use it on systems where pass is not installed without adding too
>many extra steps. Bash is everywhere, which makes it extremely 
>portable.

That's a really interesting use-case that should definitely be taken 
into account. I always keep it in my PATH so I never think of it as a 
script really, but if people are doing this then it is quite a good 
reason to stay with bash.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20180615/86dd33ed/attachment.asc>


More information about the Password-Store mailing list