Hey, I tried adding a gitignore like this one but the problem is that the way gitignore works it only "unignores" gpg files in the root folder, which is very problematic. Probably the second solution of just using pass code to check extensions (and maybe contents) would be better.
On Mon, Aug 25, 2014 at 6:47 PM, Tobias V. Langhoff <[email protected]> wrote: > On Mon, Aug 25, 2014 at 1:54 PM, Justus <[email protected]> > wrote: > > Hello pass devs, > > I noticed that some users accidentally commit plain text passwords to > > shared repositories, because they sometimes use editors and gpg without > > invoking pass. to remedy this problem, which leads to security > > problems, I propose this patch that would prevent accidental commit of > > unencrypted files in the password store > > This is a good idea! I also think that pass should at some point, > perhaps during commit, let the user know that there are weird files in > their tree. Their mere existence is a security problem. > > -- > Tobias V. Langhoff > _______________________________________________ > Password-Store mailing list > [email protected] > http://lists.zx2c4.com/mailman/listinfo/password-store > -- Errikos Koen, Web Developer / Software Engineer www.pamediakopes.gr
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
