Debian Users - Be aware the maintainer of the KeePassXC package for Debian has unilaterally decided to remove ALL features from it. You will need to switch to `keepassxc-full` to maintain capabilities once this lands outside of testing/sid.
They didn’t “strip” anything, they’ve split it into 2 variants, a package without networking features (-DWITH_XC_NETWORKING=OFF) and a package with them, because it’s considered a privacy issue to have your password manager phone home and fetch favicons and so on. The packages will be called keepassxc and keepassxc-full going forward.
I expect the KeepassXC people are mostly bothered by the naming of the package because the version called “keepassxc” is now the basic one. Anyway, the maintainer has offered to call them -minimal and -full and to make “keepassxc” a metapackage that pops up a debconf dialog telling users that install it to choose one. There is precedent with other complex packages that are split into basic and full. This should solve things nicely for everyone.
Afaiu it, he added a second package with (quote) “all the crap” later, after the storm.
And no, it wasn’t just the favicons feature that was removed (which like … is that really such a big privacy issue that you need to remove it from the binary?). Support for Yubikey was removed as well — which is not a privacy issue. The reasoning mentioned by the Debian maintainer is that all of these features might turn out to be security issues in the long run. Thus, in his view, a password manager application must do nothing but provide access to the database within the app.
I find it an interesting example of diverging upstream, maintainer, and user interests in any case.
I find it a lot of unnecessary fuss over unstable. Sid is supposed to make breaking changes, you offer feedback and you follow it through politely. The next Debian stable is one year away, this is not an urgent matter
They didn’t “strip” anything, they’ve split it into 2 variants, a package without networking features (
-DWITH_XC_NETWORKING=OFF
) and a package with them, because it’s considered a privacy issue to have your password manager phone home and fetch favicons and so on. The packages will be calledkeepassxc
andkeepassxc-full
going forward.KeepassXC replied on that thread that it wasn’t just the privacy problematic networking that was removed:
https://fosstodon.org/@keepassxc/112417651131348253
I expect the KeepassXC people are mostly bothered by the naming of the package because the version called “keepassxc” is now the basic one. Anyway, the maintainer has offered to call them
-minimal
and-full
and to make “keepassxc” a metapackage that pops up a debconf dialog telling users that install it to choose one. There is precedent with other complex packages that are split into basic and full. This should solve things nicely for everyone.Afaiu it, he added a second package with (quote) “all the crap” later, after the storm.
And no, it wasn’t just the favicons feature that was removed (which like … is that really such a big privacy issue that you need to remove it from the binary?). Support for Yubikey was removed as well — which is not a privacy issue. The reasoning mentioned by the Debian maintainer is that all of these features might turn out to be security issues in the long run. Thus, in his view, a password manager application must do nothing but provide access to the database within the app.
I find it an interesting example of diverging upstream, maintainer, and user interests in any case.
I find it a lot of unnecessary fuss over unstable. Sid is supposed to make breaking changes, you offer feedback and you follow it through politely. The next Debian stable is one year away, this is not an urgent matter
There are so many people who think sid is a distro when really, as far as the Debian project is concerned, it is a staging ground.