• federalreverse-oldOP
    link
    fedilink
    35
    edit-2
    6 months ago

    Afaiu it, he added a second package with (quote) “all the crap” later, after the storm.

    And no, it wasn’t just the favicons feature that was removed (which like … is that really such a big privacy issue that you need to remove it from the binary?). Support for Yubikey was removed as well — which is not a privacy issue. The reasoning mentioned by the Debian maintainer is that all of these features might turn out to be security issues in the long run. Thus, in his view, a password manager application must do nothing but provide access to the database within the app.

    I find it an interesting example of diverging upstream, maintainer, and user interests in any case.

    • lemmyvore
      link
      fedilink
      English
      42
      edit-2
      6 months ago

      I find it a lot of unnecessary fuss over unstable. Sid is supposed to make breaking changes, you offer feedback and you follow it through politely. The next Debian stable is one year away, this is not an urgent matter

    • @[email protected]
      link
      fedilink
      English
      196 months ago

      And no, it wasn’t just the favicons feature that was removed (which like … is that really such a big privacy issue that you need to remove it from the binary?)

      Fetching a favicon means raising a network connection with a predictable endpoint. That’s already three concerns (four on the modern internet) to handle security-wise, and it’s absolutely an unneeded feature. Favicons could just be shipped on something like keepassxc-data or keepassxc-contrib to handle locally, no need to raise a network call.