On Mon, Jul 16, 2018 at 6:53 AM Sergio Durigan Junior <[email protected]> wrote:
> Hello,
>
> Thank you for your interest in Debian.
>
> From the website (which unfortunately uses github):
>
>   pw was written by Dashamir Hoxha ([email protected]). The code is
>   on GitHub at https://github.com/dashohoxha/pw. pw started as a fork of
>   pass (http://www.passwordstore.org/), written by Jason A. Donenfeld
>   ([email protected]).
>
> pass is already packaged, works perfectly (I use it myself), has an
> active upstream, and doesn't use github (which IMO is a feature
> nowadays). What is the advantage of having "pw" in the archive?

A couple of years ago I made some suggestions for improvement to 'pass'. I proposed to use an encrypted archive for the whole directory of passwords, instead of encrypting only the passwords, because this way the structure of the passwords is hidden and protected as well, besides the passwords themselves.

This looks like a reasonable thing; however, it conflicts with some other feature of 'pass', namely the ability to share different branches of passwords with different people. Since 'pass' is widely used, there is no way to remove an existing feature from it, since some of the users may already depend on it. So, my proposal could not be technically accepted and the only way was to start a fork, which I did.

Later I continued to add more features which make it different from 'pass'. For example, having a GPG key is a must for using 'pass'; however, in 'pw' it is only an option, and one can also use a simple password for encrypting the archive. In my opinion this makes 'pw' easier to get started with, compared to 'pass', since we all know that managing GPG keys is not an easy task, especially for beginners.

Another difference is that in 'pass' you can share your passwords with other people only through a central git repository. In 'pw' you need to synchronize the encrypted archives with other people, and this can be done with 'scp' or 'rsync' or any other means.

So, the main target users of 'pass' are big enterprises, or organizations, or corporations. On the other hand, 'pw' is more suitable for individuals or small groups.

I do not claim that 'pw' is better than 'pass', but at least they are different, because they have different features. So, it makes sense to have both of them in the repository, and let the users decide which one is more suitable for their needs.

References:
- https://lists.zx2c4.com/pipermail/password-store/2016-January/001887.html
- https://lists.zx2c4.com/pipermail/password-store/2016-January/001902.html
- https://lists.zx2c4.com/pipermail/password-store/2016-January/001928.html

I don't think that the place of hosting adds or removes anything to the merits of an application. However, 'pw' is free software and it is hosted on a site that so far has offered great service, and is friendly and not hostile to free software (at least not yet). Anybody who cares about it is free to make a mirror to their preferred or trusted hosting service. I do this often for the programs or tools that I need to use in my applications, just in case they suddenly disappear from the face of the Earth.

If I had hosted 'pw' on my own personal server, this would not make it more safe, or secure, or reliable. My point is that the place of hosting does not matter.

> Thanks,
>
> --
> Sergio
> GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36
> Please send encrypted e-mail if possible
> http://sergiodj.net/

