On 25 Jan 2017 09:14, Sebastian Reuße wrote:
> When keeping the password-store under git, it can make sense using a git
> extension such as git-annex instead of the native git object store to
> store the encrypted files. Inter alia, this allows one to selectively
> expire old copies of the encrypted data, while otherwise, one would need
> to recreate the complete repository when a key should no longer have
> access to some of the data.

if someone had access in the past, they had access to make a clear text copy of everything if they wanted to. if you worry about this, you need to change all passwords, and who cares if they still have access to outdated passwords through old revisions of the repository. I don't think it makes much sense to rewrite history.

> Since using the git-annex object store means that *.gpg files (and
> directories named *.gpg) are kept under .git/… (non-writable), the
> reencryption logic used by pass currently fails. To remedy this, we now
> ignore everything kept under .git when looking for files to reencrypt or
> when grepping.

I see no reason to look inside .git/ anyway, so by all means :)

> - done < <(find "$1" -iname '*.gpg' -print0)
> + done < <(find "$1" -path '*/.git' -prune -o -iname '*.gpg' -print0)

simpler and more portable to use "-name .git" (although -iname and -print0 are not POSIX either).

-- 
Kjetil T. Homme
Redpill Linpro - Changing the game
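
Review bot: the `-path '*/.git' -prune` test on the added `find` line skips every directory named `.git` at any depth under `"$1"`, and nothing beside it records why. A one-line comment above the loop saying that git-annex keeps the `*.gpg` objects non-writable under `.git` would document the intent for the next reader. `-name .git -prune` selects the same directories below the starting point and reads more simply. The explicit `-print0` after `-o` needs to stay as written: without an explicit action on the right-hand side, find would apply its default print to the whole expression and emit the pruned `.git` entry as well.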
_______________________________________________
Password-Store mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/password-store
