by jph 1251 days ago
I like the command line capabilities of "pass", and I also agree with the author about some of its security issues and complexity.

I created "passable" to do what I believe is a bit better (IMHO) for command line usage: symmetric encryption, and files do not use any particular in-the-clear directory structure.

The code is POSIX shell, short, and easy to audit. MIT & Apache & GPL license. Constructive feedback welcome.

https://github.com/SixArm/passable


feels like a stretch to call that a password store when it doesn't really have any password management functionality at all
OK. I'll rephrase that. Thanks!
Nice work. I know this is just a simple shell wrapper around gpg (which I appreciate), but if I was going to rely on this, I'd like to see:

Prefer just a simple MIT over GPL (and properly license your repo on Github)

Unit tests

Build it with CI/CD

Releases with tags

Available on a package manager (brew/apt/...)

What is the problem with GPL if you’re a user and not trying to reuse the code in a closed-source product for sale?
KISS

This is a simple script, it deserves a simple license.

Nobody is going to 'sell' just a simple one page script and nothing prevents me from looking at the arguments it uses and putting them into my own commercial product. You don't 'license' arguments to gpg.

It turns out that GPL is a much simpler license for very large enterprises. In fact, this GPL license was originally chosen because it's the simplest for one of my Fortune 50 company clients.
Simpler than what, MIT?
Yes simpler than MIT.

The Fortune 50's compliance team carefully evaluated many open source licenses, including MIT, BSD, GPL, Apache, etc. and determined that GPL is the best for their company for internal tools such as these, that must be wholly separate from any product offerings.

And when I say carefully, I mean multiple lawyers, for multiple years, considering many worldwide regulatory compliance laws. GPL won over all the other options.

Good constructive feedback, much appreciated.

> Prefer just a simple MIT over GPL

Done. I added MIT or Apache-2.0 or GPL-2.0-or-later.

> properly license your repo on Github

Done. I added LICENSE.md file with SPDX links.

> Unit tests

Done. I added example tests. Do you have a preferred POSIX shell script unit test approach?

> And more...

Good ideas, all of them. I'll add your ideas to a new TODO section.

Thank you so much!
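The original post describes passable as a short POSIX shell wrapper that symmetric-encrypts files with gpg, and the reply above asks what a POSIX shell unit-test approach might look like. The script below is an added example written for this page, not passable's own code: the functions `encrypt_file` and `decrypt_file` are hypothetical stand-ins for whatever the wrapper actually calls, and the passphrase and plaintext in the round-trip test are constructed on the fly. It shows the two things a test suite for such a wrapper needs: pure-shell tests of the wrapper's own argument and precondition handling, which run anywhere, and a gpg round trip with an isolated `GNUPGHOME` that is skipped when gpg is not installed.

```sh
#!/bin/sh
# Added example: a minimal POSIX sh unit-test layout for a gpg symmetric-encryption
# wrapper. Not passable's code; encrypt_file/decrypt_file are hypothetical stand-ins.

PASS=0
FAIL=0

# assert_eq <description> <expected> <actual>
assert_eq() {
  if [ "$2" = "$3" ]; then
    PASS=$((PASS + 1))
  else
    FAIL=$((FAIL + 1))
    printf 'FAIL: %s (expected "%s", got "%s")\n' "$1" "$2" "$3" >&2
  fi
}

# Functions under test (hypothetical). The passphrase comes from a file via
# --passphrase-file rather than from argv, so it never appears in `ps` output;
# --batch with loopback pinentry keeps gpg non-interactive; umask 077 keeps the
# output file private. Exit codes follow sysexits.h (64 usage, 66 no input).
encrypt_file() { # encrypt_file <plaintext> <ciphertext> <passphrase-file>
  [ $# -eq 3 ] || return 64
  [ -r "$1" ] && [ -r "$3" ] || return 66
  ( umask 077 && gpg --batch --yes --quiet --pinentry-mode loopback \
      --symmetric --cipher-algo AES256 \
      --passphrase-file "$3" --output "$2" "$1" )
}

decrypt_file() { # decrypt_file <ciphertext> <plaintext> <passphrase-file>
  [ $# -eq 3 ] || return 64
  [ -r "$1" ] && [ -r "$3" ] || return 66
  ( umask 077 && gpg --batch --yes --quiet --pinentry-mode loopback \
      --decrypt --passphrase-file "$3" --output "$2" "$1" )
}

# Pure-shell tests: no gpg needed, so these run on any CI image.
test_usage_errors() {
  rc=0; encrypt_file only_one_arg || rc=$?
  assert_eq "encrypt_file with wrong arity returns 64" 64 "$rc"
  rc=0; encrypt_file /nonexistent/in out /nonexistent/pw || rc=$?
  assert_eq "encrypt_file with unreadable input returns 66" 66 "$rc"
  rc=0; decrypt_file /nonexistent/in out /nonexistent/pw || rc=$?
  assert_eq "decrypt_file with unreadable input returns 66" 66 "$rc"
}

# Integration test: a real round trip through gpg in a throwaway GNUPGHOME,
# skipped (not failed) when gpg is absent.
test_round_trip() {
  if ! command -v gpg >/dev/null 2>&1; then
    printf 'SKIP: gpg not installed\n'
    return 0
  fi
  tmp=$(mktemp -d) || return 1
  GNUPGHOME="$tmp/gnupg"; export GNUPGHOME
  mkdir -m 700 "$GNUPGHOME"
  printf 'constructed test passphrase\n' > "$tmp/pw"   # constructed input
  printf 'hello\n' > "$tmp/plain"                      # constructed input
  rc=0; encrypt_file "$tmp/plain" "$tmp/enc" "$tmp/pw" || rc=$?
  assert_eq "encrypt_file succeeds" 0 "$rc"
  if cmp -s "$tmp/plain" "$tmp/enc"; then same=yes; else same=no; fi
  assert_eq "ciphertext differs from plaintext" no "$same"
  rc=0; decrypt_file "$tmp/enc" "$tmp/dec" "$tmp/pw" || rc=$?
  assert_eq "decrypt_file succeeds" 0 "$rc"
  assert_eq "round trip restores plaintext" "hello" "$(cat "$tmp/dec" 2>/dev/null)"
  gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf "$tmp"
}

run_tests() {
  test_usage_errors
  test_round_trip
  printf '%d passed, %d failed\n' "$PASS" "$FAIL"
  [ "$FAIL" -eq 0 ]
}

run_tests
```

Save it as e.g. `test/run.sh` and invoke it with `sh test/run.sh`; the script's exit status is that of `run_tests`, so a CI job fails on any red assertion. Running under `sh` rather than `bash` is the cheapest check that the wrapper really stays POSIX.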