Rémi Letot

@tuxwise @juliank @keepassxc I don't think so, and many users in the discussion agree. If most users use only a small subset of the functionality, then the smart secure move is to provide it and make it the default. Now it would be better if KeePassXC showed a message saying that that version is the minimal one, and that a full one is available, but that's not in the hands of the Debian maintainer.

9 comments
tuxwise

@RLetot

I was not referring to providing a minimal and a full version, to which the original developer agreed as well.

As you can easily see from actually reading what I wrote, I criticized the rude tone, and the wrecking of the implied contract with those who have installed the existing package. And I stand by that.

@juliank @keepassxc

Julian Andres Klode 🏳️‍🌈

@tuxwise @RLetot @keepassxc I was just being courteous, signing in on my phone and giving a short reply while travelling.

The concern is that somebody leaves or somebody new comes and picks up a subsystem and eventually maintains it on their own because the others don't actually use it and then believe the subsystem expert. That's somewhat normal.

This opens the doors for malicious actors to appear and compromise less popular subsystems.

1/2

Julian Andres Klode 🏳️‍🌈

@tuxwise @RLetot @keepassxc Hence I did not want to expose new users to optional subsystem code by default. This seems a reasonable stance. It is what Debian users generally expect.

Sadly I could not do that without breaking some users' existing functionality. I can add a debconf dialog on upgrades to tell you more explicitly.

I will have to think about how we can solve this better in the future for similar situations (upgraded get X, new gets Y), but this requires new apt features.

Julian Andres Klode 🏳️‍🌈

@tuxwise @RLetot @keepassxc We can also rename the existing package to KeePassXC-minimal and then remove the keepassxc package.

Then users will get a message from apt when doing install keepassxc that tells them it's provided by either.

But anyway I hope this longer explanation seems less rude to you, I had to sit down in the middle of a city trying to get it out on my phone.

Topher 🌱🐧💚

@juliank @keepassxc

I personally wouldn't mind and would in fact choose to use the minimised version with all those things removed, aside from the YubiKey support. That's the only part that seems a bit odd...

All the other features, though? I would happily use the "feature-less" version.

(would *strongly* opt for it, in fact, if it did still have YubiKey support)

tuxwise

@juliank

There is no point in continuing to discuss with you if you now call your rude tone "courteous" and think that deflecting from that tone by adding more and more reply text will somehow cover up your foul language.

You are muted now, don't bother to reply.

@RLetot @keepassxc

Rémi Letot

@tuxwise @keepassxc I know that English is not my language, so maybe I missed something, but where is there foul language from @juliank ???

Brian K. White

@tuxwise What in the ever loving F... are you talking about? Please quote @juliank being rude.

Rémi Letot

@tuxwise sorry, but I find your tone a lot more rude and condescending than what I read from @juliank. You want more respect from people? Maybe start by respecting them yourself. Bye. @keepassxc
