On 21 Jul 2014, at 12:28, James Wald wrote:
[…] It would have to add the '--sign' option […] need to validate
signatures against trustdb.gpg. I
feel that gpg's signing is the right solution for this problem […]
And the problem is that untrusted people can write to your password
store?
Using GPG signing would not be how I would solve such problem, and I
wouldn’t consider it an acceptable solution. Say you need the password
for [email protected] and ‘pass’ reports that this password is not
signed by a trusted user, so now what?
_______________________________________________
Password-Store mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/password-store
