Julian Andres Klode 🏳️‍🌈

@varjolintu Optimally I'd go a step further:

- make keepassxc open files using portals (it might already, I don't know)
- write an AppArmor profile that only allows r/w configuration files, and read access to /usr

Then you can select databases, key files, and work with them and rest assured that even if keepassxc core is compromised (whether that's a new malicious maintainer sneaking in, or a gcc backdoor 😄) it can't talk anywhere else.

Like 11 May at 11:00 | Wall-to-wall | Open on mastodon.social