Jameson Graef Rollins wrote:
> Agreed.  I guess we have a couple of options here:
> 
> 0) don't sign the db file at all
> 1) sign but don't fail on sig check invalid
> 2) add option to sign the db and check sig validity

3. Provide a useful error message and leave as-is :)

> I added the signing and validation as means to protect against db
> tampering, but I'm not sure how useful it actually is.  I'll try to get
> more feedback from other users.

I can't personally think of an attack vector involving changing my
passwords to something else in the db, but I suppose that doesn't mean
there isn't one. :)

-- 
see shy jo