[PROPOSAL] Fallback if extension not in PASSWORD_STORE_EXTENSIONS_DIR.

Karl Fogel kfogel at red-bean.com
Mon Dec 18 03:47:22 UTC 2023

On 17 Dec 2023, Greg Minshall wrote:
>> Many programs behave the other way: an extension can be 
>> installed in a
>> user-specific location or in a system location or both, and the
>> user-specific location always shadows the system location.
>i don't know if this was the original thinking, but i think 
>because this
>is a security program, one wants to be extra careful that the 
>doesn't (too (*)) inadvertently turns on
>possibly risky features.
>cheers, Greg
>(*) there are never guarantees.

*nod* Yeah, I get the general principle.  So (thinking aloud here) 
the idea is:

If the user has set PASSWORD_STORE_EXTENSIONS_DIR, we interpret 
that as the user saying that it's the one and only place where 
they want extensions to come from.  Therefore 'pass' shouldn't 
fall back to looking in "${PASSWORD_STORE_DIR}/.extensions" or in 
"${HOME}/.password-store/.extensions" to find an extension -- that 
could potentially be a surprising behavior, and the user might not 
have been careful about (for example) what old versions of 
extensions, or what experimental extensions, are lying around in 
those other directories.

I can understand being cautious by default.  This decision might 
be worth documenting in the script.  Attached is a patch that does 
so, in case you all want it.

Best regards,

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0001-Document-non-fallback-behavior-for-extensions-dir.patch
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20231217/e971a819/attachment.ksh>

More information about the Password-Store mailing list