Closed DanielHeath closed 10 years ago
+1
Perhaps keybase.io could help to establish that trust?
A message on the primary site would be plenty for me
On 23 October 2014 6:44:43 PM AEDT, Sam notifications@github.com wrote:
Perhaps keybase.io could help to establish that trust?
Reply to this email directly or view it on GitHub: https://github.com/lastpass/lastpass-cli/issues/14#issuecomment-60203257
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
I'd prefer not to depend on any more third parties. Using github is bad enough, but for 'trust once' I'll accept it.
On 23 October 2014 6:44:43 PM AEDT, Sam notifications@github.com wrote:
Perhaps keybase.io could help to establish that trust?
Reply to this email directly or view it on GitHub: https://github.com/lastpass/lastpass-cli/issues/14#issuecomment-60203257
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
There is this at least: http://blog.lastpass.com/2014/10/open-sourced-lastpass-command-line.html
Wait, the official lastpass blog is served over http?
I would have expected them to be running TLS everywhere.
On Oct 24, 2014, at 12:52 AM, Bob Copeland notifications@github.com wrote:
There is this at least: http://blog.lastpass.com/2014/10/open-sourced-lastpass-command-line.html http://blog.lastpass.com/2014/10/open-sourced-lastpass-command-line.html — Reply to this email directly or view it on GitHub https://github.com/lastpass/lastpass-cli/issues/14#issuecomment-60241450.
Unfortunately the blog is on Google blogger, which AFAIK doesn't support https. Everything on the main website is https, though (and uses HSTS).
For most services I use that would be plenty of verification.
For anything this sensitive, it's got to be delivered over TLS.
FYI, we also have posted an article on our helpdesk site: https://helpdesk.lastpass.com/features/lastpass-command-line-application/
Closing on the basis of boblastpass' comment
It'd be good to verify that this code is actually supplied by the lastpass team.
The sanest way I can think of to do that is a link/mention of from https://lastpass.com/ to this github organization. Is there one?