Debian Users - Be aware the maintainer of the KeePassXC package for Debian has unilaterally decided to remove ALL features from it. You will need to switch to `keepassxc-full` to maintain capabilities once this lands outside of testing/sid.
Debian sid user here, and long time keepassxc user
Debian maintainer didnt communicate this well, but i agree that i dont want my password manager having any access to networking or interacting with anything other than the clipboard.
I’m not a developer or a security expert. This is just my gut feeling talking
Exactly. And if you want those features, you install the full version. Packages can break in sid, that is the whole point of it.
I am also running sid and keepassxc and I see no problem with this change. In fact it seems like a very sane thing to do, and something I wished more packages did.
Sane move by maintainer, but he should not go around calling other people’s code crap unless there is proof that the code was actually crap with gaping security hole
He could have handled it better. But he didn’t call the code crap directly, just the bundle of everything.
Having a meta package and let users choose seems like the best way. But this is a Debian issue, and not a keepassxc issue. It is up to Debian to package it anyway they want.
Debian sid user here, and long time keepassxc user
Debian maintainer didnt communicate this well, but i agree that i dont want my password manager having any access to networking or interacting with anything other than the clipboard.
I’m not a developer or a security expert. This is just my gut feeling talking
Exactly. And if you want those features, you install the full version. Packages can break in sid, that is the whole point of it.
I am also running sid and keepassxc and I see no problem with this change. In fact it seems like a very sane thing to do, and something I wished more packages did.
Sane move by maintainer, but he should not go around calling other people’s code crap unless there is proof that the code was actually crap with gaping security hole
He could have handled it better. But he didn’t call the code crap directly, just the bundle of everything.
Having a meta package and let users choose seems like the best way. But this is a Debian issue, and not a keepassxc issue. It is up to Debian to package it anyway they want.
If you look deeper at the recorded PR commit, comments, and package description it’s clearly straight up mean-spirited.