> On 19 March 2014 at 14:01, Josh Cartwright <[email protected]> wrote:
>
> Perhaps instead of maintaining a .gpg_id key list, a keyring with the
> teams' public keys should be used.

I agree it's a pain to distribute and change keys, but I am uncertain whether I'd want to blindly trust a keyring distributed together with the password store.

Actually, even trusting the list of key IDs instead of a group name defined outside of the git repo is opening up an easy attack by changing the list of IDs git-serverside to steal new passwords.

The .gpg_id (or keyring) should probably be signed by someone we trust outside of the password-store before use.

-jf

_______________________________________________
Password-Store mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/password-store
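
The check proposed in the message above, verifying a signature on .gpg_id against a trust anchor kept outside the store, could look like the following added example, which is not part of the original post or of the password-store code. The `.gpg_id.sig` file name, the pin file of trusted fingerprints and all function names are assumptions, and the sample fingerprints are constructed.

```shell
#!/usr/bin/env bash
# Added example. Assumed names: .gpg_id.sig (detached signature stored next to
# .gpg_id) and a pin file of trusted primary-key fingerprints kept OUTSIDE the repo.

# Read `gpg --status-fd` lines on stdin. Succeed only if a VALIDSIG names a pinned
# fingerprint and nothing reports a bad, expired or revoked signature or key
# (gpg can print VALIDSIG alongside EXPKEYSIG / REVKEYSIG / EXPSIG).
status_has_trusted_sig() {
    local pins=$1 tag kw rest primary ok=1
    while read -r tag kw rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $kw in
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) return 1 ;;
            VALIDSIG)
                # Last field: primary-key fingerprint, even for subkey signatures.
                primary=${rest##* }
                if [ -n "$primary" ] && grep -qixF -- "$primary" "$pins"; then
                    ok=0
                fi ;;
        esac
    done
    return "$ok"
}

# Check <store>/.gpg_id before its key IDs are used as encryption recipients.
# The signer's public key must already be in the local keyring, fetched out of band.
verify_gpg_id() {
    local store=$1 pins=$2
    gpg --batch --status-fd 1 --verify "$store/.gpg_id.sig" "$store/.gpg_id" \
        2>/dev/null | status_has_trusted_sig "$pins"
}

# Constructed sample input (no real keys): a 40-digit fingerprint made of one
# repeated hex digit, and the status lines gpg emits for a signature by that key.
fake_fpr() { printf '%040d' 0 | tr 0 "$1"; }
sample_status() {   # $1 = fingerprint, $2 = first status keyword (default GOODSIG)
    printf '[GNUPG:] %s 0000000000000000 Constructed Signer\n' "${2:-GOODSIG}"
    printf '[GNUPG:] VALIDSIG %s 2014-03-19 1395237660 0 4 0 1 8 00 %s\n' "$1" "$1"
}
```

Because the pin file lives outside the git repository, a server-side change to .gpg_id or to its signature file fails the check instead of silently adding a recipient.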
