Security Vulnerability: Faulty GPG Signature Checking
Mark Gardner
mkg at vt.edu
Fri Jun 15 17:26:13 CEST 2018
On Fri, Jun 15, 2018 at 8:13 AM, Tobias Girstmair <junkgir-passwd at yahoo.de>
wrote:
> I should've probably phrased that very differently. What I meant to say
> was I'd support a pass 2.0 written in a language that is an integral
> part of the GNU/Linux/BSD/etc ecosystem[1]. A scripting language like
> Python or Perl[2] would be very good options IMO.
>
I'm cool with Python. When I am not programming in Go, I am programming
in Python. It seems to be installed by default on all the Linux systems
lately. I am no longer so fond of perl, which is strange to say as I have
done some fairly big programs in perl. I found that it gets very obtuse
when you need to start creating nested data structures or use objects. Once
upon a time, perl with the the big thing. The momentum seems to have swung
towards Python these days.
> What I failed to communicate was that I don't want to have to install a
> whole load of dependencies, be it a Rust[3] or Go compiler or let alone
> npm/nodejs.
>
I think you are conflating the dependencies that need to be installed to
build a compiled tool from the dependencies to install and use the tool.
Since most people install packages via their package manager, the former is
not much of an issue in my opinion. I agree that I don't want to have to
tons of separate libraries installed with the tool.
Don't know about Rust but installing a Go-based pass would be no different
than the current version. It would be just a single executable plus stuff
like examples and docs. The code would be written to check for optional
dependencies, such as git, and only use them if found. Just like the
current pass.
In the end I don't really care what language pass is written in. Just so
long as it exists and works much like it does now.
Mark
--
Mark Gardner
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20180615/f6a06d31/attachment.html>
More information about the Password-Store
mailing list