
Bug#903880: RFS: pw/1.2-1 [ITP] -- simple command-line password manager

On Mon, Jul 16, 2018 at 6:53 AM Sergio Durigan Junior <sergiodj@debian.org> wrote:
Hello,

Thank you for your interest in Debian.

From the website (which unfortunately uses github):

  pw was written by Dashamir Hoxha (dashohoxha@gmail.com). The code is
  on GitHub at https://github.com/dashohoxha/pw. pw started as a fork of
  pass (http://www.passwordstore.org/), written by Jason A. Donenfeld
  (Jason@zx2c4.com).

pass is already packaged, works perfectly (I use it myself), has an
active upstream, and doesn't use github (which IMO is a feature
nowadays).  What is the advantage of having "pw" in the archive?

A couple of years ago I made some suggestions for improvement to 'pass'.
I proposed to use an encrypted archive for the whole directory of passwords,
instead of encrypting only the passwords, because this way the structure of
the passwords is hidden and protected as well, besides the passwords themselves.

This looks like a reasonable thing, however it conflicts with some other
feature of 'pass', namely the ability to share different branches of passwords
with different people. Since 'pass' is widely used, there is no way to remove
an existing feature from it, since some of the users may already depend on it.

So, my proposal could not be technically accepted and the only way was
to start a fork, which I did. Later I continued to add more features which
make it different from 'pass'. For example having a GPG key is a must
for using 'pass', however in 'pw' it is only an option, one can also use
a simple password for encrypting the archive. In my opinion this makes
'pw' easier to get started, compared to 'pass', since we all know that
managing GPG keys is not an easy task, especially for beginners.

Another difference is that in 'pass' you can share your passwords with
other people only through a central git repository. In 'pw' you need to
synchronize the encrypted archives with other people, and this can be
done with 'scp' or 'rsync' or any other means.

So, the main target users of 'pass' are big enterprises, or organizations,
or corporations. On the other hand 'pw' is more suitable for individuals
or small groups.

I do not claim that 'pw' is better than 'pass', but at least they are different,
because they have different features. So, it makes sense to have both
of them in the repository, and let the users decide which one is more suitable
for their needs.

References:
- https://lists.zx2c4.com/pipermail/password-store/2016-January/001887.html
- https://lists.zx2c4.com/pipermail/password-store/2016-January/001902.html
- https://lists.zx2c4.com/pipermail/password-store/2016-January/001928.html

I don't think that the place of hosting adds or removes anything to the merits
of an application. However 'pw' is free software and it is hosted on a site
that so far has offered great service, and is friendly and not hostile to free software
(at least not yet). Anybody who cares about it is free to make a mirror to their
preferred or trusted hosting service. I do this often for the programs or tools
that I need to use in my applications, just in case they suddenly disappear
from the face of the Earth. If I had hosted 'pw' on my own personal server,
this would not make it safer, or more secure, or more reliable. My point is that the
place of hosting does not matter.

Thanks,

--
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/
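The storage-layout difference argued in this thread (one ciphertext file per entry, as in 'pass', versus a single encrypted archive of the whole tree, as proposed for 'pw') can be made concrete with a small added example. This is not code from the thread, from 'pw' or from 'pass': the `encrypt`/`decrypt` functions are an illustrative stand-in for `gpg --symmetric` (an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, chosen only so the example runs with the Python standard library), the entry names are constructed, and the store functions show what a sync peer or backup host sees in each layout without the passphrase.

```python
import hashlib
import hmac
import io
import os
import tarfile

# Constructed sample store: entry path -> secret. The paths are exactly the
# metadata that a per-entry layout leaves in the clear.
SAMPLE_ENTRIES = {
    "email/gmail": b"correct horse battery staple\n",
    "email/work": b"hunter2\n",
    "bank/acme-credit-union": b"s3cr3t-pin-1234\n",
}


def derive_key(passphrase: bytes, salt: bytes) -> bytes:
    # Stand-in KDF (PBKDF2-HMAC-SHA256); gpg uses its own S2K scheme.
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 200_000, dklen=64)


def _keystream(enc_key: bytes, salt: bytes, length: bytes) -> bytes:
    # Counter-mode keystream from a PRF; illustrative, not a recommended cipher.
    blocks = length // 32 + 1
    return b"".join(
        hmac.new(enc_key, salt + i.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )


def encrypt(passphrase: bytes, plaintext: bytes) -> bytes:
    # Layout of the blob: 16-byte salt | ciphertext | 32-byte HMAC tag.
    salt = os.urandom(16)
    key = derive_key(passphrase, salt)
    enc_key, mac_key = key[:32], key[32:]
    stream = _keystream(enc_key, salt, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag


def decrypt(passphrase: bytes, blob: bytes) -> bytes:
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    key = derive_key(passphrase, salt)
    enc_key, mac_key = key[:32], key[32:]
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    # A wrong passphrase (or tampering) fails authentication before any use.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong passphrase or corrupt data")
    stream = _keystream(enc_key, salt, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def per_entry_store(passphrase: bytes, entries: dict) -> dict:
    # 'pass'-style layout: one ciphertext per entry, path visible on disk.
    return {path + ".gpg": encrypt(passphrase, secret) for path, secret in entries.items()}


def archive_store(passphrase: bytes, entries: dict) -> dict:
    # 'pw'-style layout: tar the whole tree, then encrypt the single archive.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, secret in entries.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(secret)
            tar.addfile(info, io.BytesIO(secret))
    return {"pw.tar.enc": encrypt(passphrase, buf.getvalue())}


def observable_metadata(store: dict) -> dict:
    # What an rsync/scp peer or backup host sees without the passphrase:
    # file names and sizes only.
    return {name: len(blob) for name, blob in store.items()}


def open_archive(passphrase: bytes, store: dict) -> dict:
    data = decrypt(passphrase, store["pw.tar.enc"])
    out = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for member in tar.getmembers():
            out[member.name] = tar.extractfile(member).read()
    return out


if __name__ == "__main__":
    pw = b"example-passphrase"
    print("per-entry layout exposes:", sorted(observable_metadata(per_entry_store(pw, SAMPLE_ENTRIES))))
    print("archive layout exposes:  ", sorted(observable_metadata(archive_store(pw, SAMPLE_ENTRIES))))
```

Running the module shows the trade-off discussed above: the per-entry store reveals every entry path (which services and accounts exist) to anyone who can list the directory, while the archive store reveals only one blob and its size. The price is the one the thread names: a single archive cannot be shared branch-by-branch with different people the way separate files can.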
