Hi Thorsten,
Le 03/10/2016 à 19:30, Thorsten Wißmann a écrit :
>> > Does GPG web of trust sure enough, to allow co-signing script to enable
>> > such signed plugins?
> I don't understand your question. But are you asking how my patch could
> be extended to call only 'signed' extensions?
It was,
Hi Sylvain,
On Mon, Oct 03, 2016 at 07:20:47AM +0200, Sylvain Viart wrote:
> Le 30/09/2016 à 11:33, Thorsten Wißmann a écrit :
> > if there is an executable pass-clipwiz in the PATH. This does not only
> > fit the usual pass workflow (first show a file, then paste it using
> > clipwiz), but one
On 04/10/2016 05:45, Sylvain Viart wrote:
Pass itself could be signed. By the user at init.
But why? Do you have a version of Linux which only executes signed
scripts/binaries?
As for the admin being tricked into installing a malicious plugin -
what's the difference between that and
