Richard Johnson

@keepassxc @paul_ipv6

Unilaterally here appears to actually mean: After notice and discussion, the core app requires attack surface reduction spurred by threat model change. Feature add version available for those with needs/tolerances for riskier surfaces.

6 comments
Brian K. White

@tab2space @keepassxc @paul_ipv6

That keepassxc devs themselves don't agree, and think conveniences are more important than security *in a password manager* makes me question the wisdom of using keepassxc as one's keepass client.

All the users I can forgive (well, not them either but it's at least expected if still not excusable) but the actual devs of a password manager?

Team KeePassXC

@bkw777 @tab2space @paul_ipv6 why would we develop and maintain and personally use a feature we don't trust? Use your noggin, we eat our own dogfood.

Brian K. White

@keepassxc @tab2space @paul_ipv6
Your trust of a feature is entirely irrelevant to my point and does not invalidate it.

Presenting a non sequitur like that as an argument places you in a not-great position from which to try to talk about anyone else's failure to use any noggins.

Richard Johnson

@keepassxc @bkw777 @paul_ipv6

Your heat here seems very weird to me. Defensiveness isn't warranted.

Chances of problems scale with complexity. A feature with no known bugs still has a chance of bugs being discovered later. If the feature implementation isn't present, however, then those bugs don't affect the release without the feature.

I encourage you to embrace the options of being able to use core functionality, while adding access methods tailored for a user's risk appetite.

yoshir

@bkw777
If people wanted a minimal password manager they would install keepass2 and not a password manager that is advertised with "unsecure" features.
@tab2space @paul_ipv6

Richard Johnson

@yoshir @bkw777 @paul_ipv6
The fragmentation (and the effective yet-another-Android app clone fragmentation grenade) is one of the reasons I moved on from the keepass$whatnow ecosystem. Which were trojan horses? I didn't have the ability to be remotely confident.
