@juliank @stardust @tuxwise@tchncs.de I certainly don't fire up a text editor and check the NOTES files first before I run apt upgrade or click the "Install now" button on the update reminder popup and I am probably much more of an expert user. We can only implore you to revert your decision. Your concerns about supply chain attacks in particular are certainly not unfounded, but you cannot export the complexity of this decision to your users in a way they will not and cannot understand.
@keepassxc I think renaming the package to keepassxc-minimal will make it much clearer, and I'll try to do that and I hope it gets accepted.
I'm very torn on the upgrade path with a transitional keepassxc package, we can depend on keepassxc-minimal|keepassxc-full or the other way around.
Once we drop the transitional package is when things become nice: apt install keepassxc will tell you that there's a minimal and a full, and you can select it.
@stardust @tuxwise