On 04/10/2016 05:45, Sylvain Viart wrote:
> Pass itself could be signed. By the user at init.

But why? Do you have a version of Linux which only executes signed scripts/binaries?

As for the admin being tricked into installing a malicious plugin - what's the difference between that and installing a malicious version of 'pass' itself?

The only protection for 'pass' is installing it from a trusted location, and/or verifying the code by eye. Surely the same applies to plugins?

Regards,

Brian.
_______________________________________________
Password-Store mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/password-store