Package: pass Version: 1.4.2-3 Severity: important When inserting or generating a new password, pass does not check whether the call to gpg to store the encrypted password actually succeeds. If GPG fails, the exit code of pass is 0, and in case you generate a new password, the generated password is still printed on the screen or copied to the clipboard. The problem is of course that you think you have stored the password, but in reality it is lost.
[guus@haplo]~>pass generate -c test 10 gpg: please do a --check-trustdb gpg: 1234ABCD: There is no assurance this key belongs to the named user gpg: [stdin]: encryption failed: Onbruikbare publieke sleutel Copied test to clipboard. Will clear in 45 seconds. [guus@haplo]~>echo $? 0 In case GPG fails, pass should NOT return a password and the exit code should be non-zero. Also, in case the --clip option is used, pass should clear the clipboard before doing anything else, to ensure that in case of an error, the clipboard does not contain any other contents from before pass was called. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores) Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages pass depends on: ii gnupg 1.4.16-1.1 ii gnupg2 2.0.22-3 ii pwgen 2.06-1+b2 ii tree 1.6.0-1 Versions of packages pass recommends: ii git 1:1.9.0-1 ii gnupg2 2.0.22-3 ii xsel 1.2.0-2 Versions of packages pass suggests: ii libxml-simple-perl 2.20-1 ii perl 5.18.2-2 ii python 2.7.5-5 ii ruby 1:1.9.3.4 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org