sops
Feature: ability to turn off lastmodified and mac
I believe my organization's use-case is quite common: using sops to encrypt secrets to store them in git.
This poses a scalability challenge: If two PRs edit the file, the latter one will have merge conflicts.
One way to mitigate this is to split up the files. We don't want to do this!
If we had the ability to turn off lastmodified and mac, PRs would only have merge conflicts if they modified the same keys.
I think these two fields are unnecessary for our use-case:
- lastmodified can be determined in git history
- modifications are code-reviewed, so detecting fraudulent modifications feels out of scope for this use-case. There is one threat model that sticks out here: a git user who doesn't have access to the encryption key is able to create a pull request that uses old encrypted values, and can also swap values between keys.
Disabling the MAC in general (not as an optional escape hatch on decryption; for that we have the --ignore-mac option that should only be used if absolutely needed) is a foot-gun I do not want included in any serious security tool like SOPS. That opinion is also shared by the original authors of SOPS, as stated in #52.
As mentioned multiple times in #52, it's better to have a Git mergetool for SOPS than reducing security by removing MAC checks.
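
The scenario raised in the issue, a contributor without the encryption key reusing old encrypted values or swapping values between keys, can be examined in a small integrity model. This is an added example, not part of the original thread and not SOPS code or its file format: it assumes each value is authenticated together with its key path and that a file-level MAC covers all values plus lastmodified. HMAC stands in for the real encryption, and every name and sample value is constructed.

```python
import hashlib
import hmac

DATA_KEY = b"constructed-demo-key"  # constructed; stands in for the file's data key

def _tag(*parts: str) -> str:
    msg = "\x00".join(parts).encode()
    return hmac.new(DATA_KEY, msg, hashlib.sha256).hexdigest()

def seal(values: dict, lastmodified: str) -> dict:
    """Build a model file: each value tagged with its key path, plus a file MAC."""
    entries = {p: (v, _tag("value", p, v)) for p, v in values.items()}
    mac = _tag("file", lastmodified, *(f"{p}={v}" for p, v in sorted(values.items())))
    return {"entries": entries, "lastmodified": lastmodified, "mac": mac}

def verify(doc: dict, check_mac: bool = True) -> str:
    """Return 'ok', 'bad-value:<path>' or 'bad-mac'."""
    for path, (val, tag) in doc["entries"].items():
        if not hmac.compare_digest(tag, _tag("value", path, val)):
            return f"bad-value:{path}"
    if check_mac:
        plain = {p: v for p, (v, _) in doc["entries"].items()}
        expected = seal(plain, doc["lastmodified"])["mac"]
        if not hmac.compare_digest(doc["mac"], expected):
            return "bad-mac"
    return "ok"

def swap(doc: dict, a: str, b: str) -> dict:
    """Edit made without the key: exchange the sealed values of two keys."""
    entries = dict(doc["entries"])
    entries[a], entries[b] = entries[b], entries[a]
    return {**doc, "entries": entries}

def replay(doc: dict, old_doc: dict, path: str) -> dict:
    """Edit made without the key: restore one sealed value from an older revision."""
    entries = dict(doc["entries"])
    entries[path] = old_doc["entries"][path]
    return {**doc, "entries": entries}

# Constructed sample revisions of one secrets file.
OLD = seal({"db_password": "hunter2-old", "api_token": "tok-A"}, "2024-01-01T00:00:00Z")
NEW = seal({"db_password": "rotated-9f3", "api_token": "tok-A"}, "2024-02-01T00:00:00Z")

if __name__ == "__main__":
    rolled_back = replay(NEW, OLD, "db_password")
    print(verify(rolled_back), verify(rolled_back, check_mac=False))
```

In this model the path binding rejects a swap on its own, while a single replayed value passes every per-value check and is only caught by the file-level MAC. Reverting the whole file to an older revision verifies cleanly either way, so that case is left to review and git history.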