On Wed, Mar 19, 2014 at 11:38 AM, Brian Shore <[email protected]>wrote:
> On Wed, Mar 19, 2014 at 10:06 AM, Jan-Frode Myklebust > <[email protected]> wrote: > > I agree it's a pain to distribute, and change keys, but am uncertain > about if I'd want to blindly trust a keyring distributed together with the > password store. Actually, even trusting the list of keyid's instead of a > group name defined outside of the git repo is opening up an easy attack by > changing the list of id's git-serverside to steal new passwords. > > > > The .gpg_id (or keyring) should probably be signed by someone we trust > outside of the password-store before use. > > Why not sign the .gpg_id files after creation as part of the init > process? Does it need to be signed by someone who doesn't use the > password store? I think issues of password store file integrity and authenticity will be handled by whatever decision comes out of this thread: http://lists.zx2c4.com/pipermail/password-store/2014-March/000498.html Right now we're leaning toward signed git commits.
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
