agebox Maintenance question

This looks quite convenient and modern, but I haven't adopted it yet - currently using a mix of in different projects including blackbox, git-secret, and even gopass and would like to consolidate on a simple modern solution.

I'd like to using something with a group of fellow users who are interested in helping each other out. Wondering how you're thinking about maintenance @slok - do you want help testing any of these dependabot issues? I noticed that @katexochen has a fork where they merged in some vulnerability fixes https://github.com/katexochen/agebox/tree/fix-vulns

Oct 03 '24 07:10 jcrben

My fork is/was only to upstream the security fixes in https://github.com/slok/agebox/pull/199.

Notice that that we decided to remove the package from nixpkgs as it is security critical software and unmaintained: https://github.com/NixOS/nixpkgs/pull/326671

Oct 04 '24 06:10 katexochen

I do my best 🤷, the project will not get new features, I think it has good enough constrained features and simple API for general/regular usage. From time to time I will try update the dependencies, but I can't promise that it will be up to date always.

I will cut a new release with tooling and updates: https://github.com/slok/agebox/pull/201

Thanks for the interest!

Oct 04 '24 08:10 slok

The frozen feature set is actually what I'm looking for!

Oct 04 '24 22:10 jcrben

Another thing @slok - what do you think about adding a SECURITY.md so that it's easy to see what the security policy is?

Oct 05 '24 19:10 jcrben