@varjolintu What happens with keepassxc packaging is exactly the same thing what happened with xz-utils.
People demand new upstream releases getting merged quickly, some with upload rights threaten to upload them themselves, people "helpfully" package new upstream versions for you. I employ a 0 trust model, so I need to redo it all anyway to make sure it was not tampered with.
Now they may be honest, but after being burned out by time_t and then xz-utils you can understand I'm very cautious
@varjolintu On the upstream side, I think there's some misalignment between various fractions.
I need my password manager to manage my passwords. In fact I use keepaasxc only for high value targets, like my backup encryption keys, or the key to my day-to-day bitwarden account (as I need the sync to Chromebooks, family account sharing, etc, I do self host a vaultwarden for it).