On Wed, Mar 19, 2014 at 8:06 AM, Alfredo Pironti <[email protected]> wrote: > Using git-level signature ensures integrity of the data on the remote > repository, but not of the local data.
Actually it's possible to ensure before touching the git repository that the filesystem is in sync with git, and that the git signatures are valid. (There is probably race condition potential here, but I imagine the point at which an attacker can swap files to win races, the security model of a password manager is already compromised, so...) _______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
