by lasdfas
2469 days ago
It really surprises me that people are using pass or any other password manager developed as open source. Yes, the code is open source, but unless you download the code yourself and compile it, which not many people do on desktop and no one does for mobile clients, you have to trust the deploy process of a random group of people. None of the people even have to be malicious. They just have to have an insecure deploy process (which allows an attacker to insert code), which is extremely common in open source. Very few, if any, open source projects have audited their deploy process and have monitoring for vulnerabilities or exploits happening. It's just too time-intensive/expensive for a side project someone isn't getting paid for. I prefer to trust an organization that has gone through tons of audits, not just on whether the client is secure (can encrypt securely), but on whether their software development lifecycle is secure. They also have a huge financial incentive to keep things secure, which is not the case in open source.
While long for a shell script, that's pretty easy reading for a password manager, and easy enough to understand.