Web lists-archives.com

Re: Bug#858229: ITP: passh -- passh: a pass fork - stores, retrieves, generates, and synchronizes passwords securely.




Hello there, let me remind you of different time zones :)

Thanks for calling me.

As you could see from the mailing list, I simply forked because the author and collabs weren't entirely OK on my approach of loading extensions even before handling internal commands. And that's just fine, I don't intend to force push my ideas into anyone.

Once I forked, I kept developing without waiting for pass. I implemented the help from extensions, and now I'm working on a feature that enables for filename encryption to solve the metadata leak: https://github.com/HacKanCuBa/passh/projects
Which is taking me a while since bash falls a bit short here (but can be handled).

I'll try my best to develop this feature as an extension so it can be easily used by pass too, but it might not be possible given that it affects every operation: show, insert, edit, etc... And from the mailing list, you might see that such feature was discussed several times. I'll propose it once again as soon as I have the code working.

There are some extensions that tries to solve it too, but aren't enough nor completely useful from my point of view (let me know if you require a more detailed explanation here).

Regarding licensing, I usually prefer GPL3, but if, as Christian says, issues might arise that could interfere with sharing code with pass, then I would change it to GPL2.0+. Please explain me more about this. (Btw, I'm editing the readme so it reads 2.0+ instead of 2.0 as noted).

I'm going to make myself some time to write a patch the way pass requires (plain in the mailing list, no attachments) to see how that goes again and satisfy inquires done in this thread.

Thanks for everything so far! Cheers!

On March 20, 2017 5:37:22 AM GMT-03:00, Geert Stappers <stappers@xxxxxxxxxxx> wrote:
On Mon, Mar 20, 2017 at 07:21:00PM +1100, Brian May wrote:
Christian Seiler <christian@xxxxxxxx> writes:

Specifically take a look at this message from the author of the original
tool:
https://lists.zx2c4.com/pipermail/password-store/2017-February/002799.html

The fork appears to have happened after that, but wasn't mentioned at
all on the upstream mailing list.

"However, the basic ideas seem like good ones, and I'll look into
adopting these with a less offensive implementation."

Seems like the author liked the concepts behinds the patches, but felt
that the patches needed more work. I think I would have started by
trying to submit a smaller change (e.g. maybe the first patch in the
series).

The author of `passh`, the forker of `pass` is now also in the To: field.

I did add Ivan as an invite to join this discussion.
To know why the fork was needed. ( and maybe if it could be avoided )

Previous postings are at http://bugs.debian.org/858229



I don't see any response to this email.

Doesn't inspire confidence :-(

The ITP is about six hours old.
Allow people some time to response :-)


Groeten
Geert Stappers

--
Barrera Oro, Iván A.
GPG: 0x35710D312FDE468B