Security Vulnerability: Faulty GPG Signature Checking

Nick Klauer klauer at gmail.com
Fri Jun 15 17:50:02 CEST 2018


I just want to point out that there already exists a pass-compatible
version written in go: https://github.com/gopasspw/gopass

I use it, and it would just fine for my purposes.


On Fri, Jun 15, 2018 at 10:28 Mark Gardner <mkg at vt.edu> wrote:

> On Fri, Jun 15, 2018 at 8:13 AM, Tobias Girstmair <junkgir-passwd at yahoo.de
> > wrote:
>
>> I should've probably phrased that very differently. What I meant to say
>> was I'd support a pass 2.0 written in a language that is an integral
>> part of the GNU/Linux/BSD/etc ecosystem[1]. A scripting language like
>> Python or Perl[2] would be very good options IMO.
>>
>
> ​​I'm cool with Python. When I am not programming in Go, I am programming
> in Python. It seems to be installed by default on all the Linux systems
> lately. I am no longer so fond of perl, which is strange to say as I have
> done some fairly big programs in perl. I found that it gets very obtuse
> when you need to start creating nested data structures or use objects. Once
> upon a time, perl with the the big thing. The momentum seems to have swung
> towards Python these days.
>>
>> What I failed to communicate was that I don't want to have to install a
>> whole load of dependencies, be it a Rust[3] or Go compiler or let alone
>> npm/nodejs.
>>
>
> ​I think you are conflating the dependencies that need to be installed to
> build a compiled tool from the dependencies to install and use the tool.
> Since most people install packages via their package manager, the former is
> not much of an issue in my opinion. I agree that I don't want to have to
> tons of separate libraries installed with the tool.​
>
> ​Don't know about Rust but installing a Go-based pass would be no
> different than the current version. It would be just a single executable
> plus stuff like examples and docs. The code would be written to check for
> optional dependencies, such as git, and only use them if found. Just like
> the current pass.
>
> In the end I don't really care what language pass is written in. Just so
> long as it exists and works much like it does now.​
>
> Mark
> --
> Mark Gardner
> --
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
>
-- 

-Nick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20180615/f78ab76e/attachment-0001.html>


More information about the Password-Store mailing list