@juliank
"People just are acting very suspicious, trying to push new features or new upstream releases in without giving it any review or thought."
"The upstream developments have been very concerning, I can't be the only one feeling that way."
Could you elaborate these a bit?
@varjolintu What happens with keepassxc packaging is exactly the same thing what happened with xz-utils.
People demand new upstream releases getting merged quickly, some with upload rights threaten to upload them themselves, people "helpfully" package new upstream versions for you. I employ a 0 trust model, so I need to redo it all anyway to make sure it was not tampered with.
Now they may be honest, but after being burned out by time_t and then xz-utils you can understand I'm very cautious