search

lastpass / lastpass-cli

LastPass command line interface tool
GNU General Public License v2.0
2.86k stars 290 forks source link

Verification on lastpass.com #14

Closed DanielHeath closed 10 years ago

DanielHeath commented 10 years ago

It'd be good to verify that this code is actually supplied by the lastpass team.

The sanest way I can think of to do that is a link/mention of from https://lastpass.com/ to this github organization. Is there one?

samcday commented 10 years ago

+1

samcday commented 10 years ago

Perhaps keybase.io could help to establish that trust?

DanielHeath commented 10 years ago

A message on the primary site would be plenty for me

On 23 October 2014 6:44:43 PM AEDT, Sam notifications@github.com wrote:

Perhaps keybase.io could help to establish that trust?

Reply to this email directly or view it on GitHub: https://github.com/lastpass/lastpass-cli/issues/14#issuecomment-60203257

Sent from my Android phone with K-9 Mail. Please excuse my brevity.

DanielHeath commented 10 years ago

I'd prefer not to depend on any more third parties. Using github is bad enough, but for 'trust once' I'll accept it.

On 23 October 2014 6:44:43 PM AEDT, Sam notifications@github.com wrote:

Perhaps keybase.io could help to establish that trust?

Reply to this email directly or view it on GitHub: https://github.com/lastpass/lastpass-cli/issues/14#issuecomment-60203257

Sent from my Android phone with K-9 Mail. Please excuse my brevity.

bcopeland commented 10 years ago

There is this at least: http://blog.lastpass.com/2014/10/open-sourced-lastpass-command-line.html

DanielHeath commented 10 years ago

Wait, the official lastpass blog is served over http?

I would have expected them to be running TLS everywhere.

On Oct 24, 2014, at 12:52 AM, Bob Copeland notifications@github.com wrote:

There is this at least: http://blog.lastpass.com/2014/10/open-sourced-lastpass-command-line.html http://blog.lastpass.com/2014/10/open-sourced-lastpass-command-line.html — Reply to this email directly or view it on GitHub https://github.com/lastpass/lastpass-cli/issues/14#issuecomment-60241450.

bcopeland commented 10 years ago

Unfortunately the blog is on Google blogger, which AFAIK doesn't support https. Everything on the main website is https, though (and uses HSTS).

DanielHeath commented 10 years ago

For most services I use that would be plenty of verification.

For anything this sensitive, it's got to be delivered over TLS.

boblastpass commented 10 years ago

FYI, we also have posted an article on our helpdesk site: https://helpdesk.lastpass.com/features/lastpass-command-line-application/

bcopeland commented 10 years ago

Closing on the basis of boblastpass' comment