Security Vulnerability: Faulty GPG Signature Checking

Karl Fiabeschi 1984itsnow at gmail.com
Fri Jun 15 18:45:14 CEST 2018


+1 for keeping bash

Il ven 15 giu 2018 17:51 Nick Klauer <klauer at gmail.com> ha scritto:

> I just want to point out that there already exists a pass-compatible
> version written in go: https://github.com/gopasspw/gopass
>
> I use it, and it would just fine for my purposes.
>
>
> On Fri, Jun 15, 2018 at 10:28 Mark Gardner <mkg at vt.edu> wrote:
>
>> On Fri, Jun 15, 2018 at 8:13 AM, Tobias Girstmair <
>> junkgir-passwd at yahoo.de> wrote:
>>
>>> I should've probably phrased that very differently. What I meant to say
>>> was I'd support a pass 2.0 written in a language that is an integral
>>> part of the GNU/Linux/BSD/etc ecosystem[1]. A scripting language like
>>> Python or Perl[2] would be very good options IMO.
>>>
>>
>> ​​I'm cool with Python. When I am not programming in Go, I am programming
>> in Python. It seems to be installed by default on all the Linux systems
>> lately. I am no longer so fond of perl, which is strange to say as I have
>> done some fairly big programs in perl. I found that it gets very obtuse
>> when you need to start creating nested data structures or use objects. Once
>> upon a time, perl with the the big thing. The momentum seems to have swung
>> towards Python these days.
>>>>
>>> What I failed to communicate was that I don't want to have to install a
>>> whole load of dependencies, be it a Rust[3] or Go compiler or let alone
>>> npm/nodejs.
>>>
>>
>> ​I think you are conflating the dependencies that need to be installed to
>> build a compiled tool from the dependencies to install and use the tool.
>> Since most people install packages via their package manager, the former is
>> not much of an issue in my opinion. I agree that I don't want to have to
>> tons of separate libraries installed with the tool.​
>>
>> ​Don't know about Rust but installing a Go-based pass would be no
>> different than the current version. It would be just a single executable
>> plus stuff like examples and docs. The code would be written to check for
>> optional dependencies, such as git, and only use them if found. Just like
>> the current pass.
>>
>> In the end I don't really care what language pass is written in. Just so
>> long as it exists and works much like it does now.​
>>
>> Mark
>> --
>> Mark Gardner
>> --
>> _______________________________________________
>> Password-Store mailing list
>> Password-Store at lists.zx2c4.com
>> https://lists.zx2c4.com/mailman/listinfo/password-store
>>
> --
>
> -Nick
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20180615/910330cd/attachment.html>


More information about the Password-Store mailing list