Email or username:

Password:

Forgot your password?
Top-level
Julian Andres Klode πŸ³οΈβ€πŸŒˆ

@tuxwise I took my time to reach the decision it went back and forth for a year, and the xz-utils thing eventually tilted things in favour of shipping as little code builtin as possible by default.

I do not believe however that there is a significant overlap between people who use Debian, keepaasxc, and people looking for a featureful password manager.

It just makes no sense to go with a local only password manager and then put gaping holes in it.
@keepassxc

7 comments
Mathijs

@juliank @tuxwise @keepassxc I fall into this category, though I would obviously like to think I'm unique. Either way, you mentioned taking the time to make a desicion, and yet the upstream devs seemed to have been caught completely by surprise. That really shouldn't happen for what I hope are obvious reasons. What went wrong here? Did they just ignore all your communications and deliberations about this decision?

Julian Andres Klode πŸ³οΈβ€πŸŒˆ

@mvgorcum It's a question for the Debian project I polled other Debian developers on IRC. We already knew upstream's position on this.

Could I have communicated it to them? Sure. Did they abandon IRC years ago? Yes. Well there's some weird Heisenbridge thing but it's WEIRD and nobody has talked to me for years. πŸ€·β€β™‚οΈ

I barely have the energy to package new versions, seeking out and engaging with upstream on these grounds on downstream decisions is a tad much.

@tuxwise @keepassxc

Mathijs

@juliank @tuxwise @keepassxc I don't run debian testing, so I hadn't run into this yet, but I would certainly have gone to upstream when I saw this breaking change. I would argue that at least doing them the courtesy of a heads up would be the decent human interaction thing. It may have allowed them to join the discussion, and possibly made my life easier as a user, but certainly their life easier. Adversarial packaging is allowed by GPL, but wouldn't that be a last resort?

Mathijs

@juliank @tuxwise @keepassxc on a related note: this whole thing must not be fun, I do appreciate that this gives you a lot of work that you didn't really ask for. Thank you for packaging keepassxc and spending the time, and I'm sorry you have to deal with loads of people having opinions on your choices, that's never fun...

Euph0r14

@mvgorcum @juliank @tuxwise @keepassxc also im unsure how this improves security. Any user who finds out about this will just immediately move to the full release.

Adding a β€œlite” package would have been better.

Team KeePassXC

@juliank @mvgorcum @tuxwise we have multiple, MULTIPLE, means to get in touch with us. We moved to matrix years ago, but still bridge to IRC. Easily found through our Readme. Sorry this went down this way but it does end up having a huge negative impact on us when downstream shit breaks unexpectedly.

gudinoff

@juliank @tuxwise @keepassxc
This was my first thought when reading the headline.
I get that some people would prefer to have all the features by default, but given the nature of the package, I totally understand and agree that we should lean on the safe side by default.

Go Up