GNU bug report logs - #27909
Replace keepassx with keepassxc

Previous Next

Full log

View this message in rfc822 format

From: Manolis Ragkousis <manolis837 <at> gmail.com>
To: Efraim Flashner <efraim <at> flashner.co.il>
Cc: 27909 <at> debbugs.gnu.org, Leo Famulari <leo <at> famulari.name>
Subject: [bug#27909] Replace keepassx with keepassxc
Date: Wed, 2 Aug 2017 21:28:47 +0300

On 08/02/2017 12:17 AM, Leo Famulari wrote:
> On Tue, Aug 01, 2017 at 11:27:11PM +0300, Manolis Ragkousis wrote:
>> Wouldn't it be a better option to keep both version for the time being?
>> Unless of course there is a security issue if we keep keepassx.
> 
> I think that using Qt-4 is a security issue because it's unmaintained
> for a long while now, relative to its complexity.
> 
> But we still have it in Guix because some packages would have to be
> removed if we remove it, and we don't have a clear or simple policy
> about what to do in cases like that. By the way, I'm not suggesting we
> need such a policy.
> 
> Eventually we should remove those things, because it's not great to
> offer users programs that we suspect have security bugs.
> 
> If somebody starting publishing details of how to exploit Qt-4 apps,
> then I think the choice would be clear. But I haven't read any such
> reports, so I don't know for sure that it's vulnerable. I think it's a
> good bet, however.
> 

I tested keepassxc locally and it opens my .kdbx file correctly. I think
there will be no problems with the change.

If no one else objects please push your patch. We don't want a possible
security issue in the future. :)

Thank you,
Manolis

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.