Thread 107064036

Remember when Debian blocked KeepassXC from accessing the internet and the main keepassxc developer went mad? Really makes you think.

>>107064036 (OP)
This is the exact reason linux maintainers cannot be trusted. Instead of packing the application the way the developer intended, they want to mess with shit that's none of their business. Windows and macOS are far more secure and better because you get software from the developer rather than some random person tinkering with the package without you even knowing about it.

>>107064123
This is why I trust red hat more than some troon uploading to the AUR

>>107064123
looks like someone is still mad about plugging the security hole

>>107064123
that's exactly why I run my own distro, I don't need some troon to decide how to package stuff.

>>107064036 (OP)
>Free as in free from choice

>>107064036 (OP)
idc I'm using KeeWeb.

>>107064123
They're compile options.
you're giving up your compile option choice when you choose a maintainer.
unironically install gentoo.

>>107064123
trvke. package maintainers who think they know better than the developer start fucking their shit and using weird flags and patches. when the software breaks the developer gets the blame even if it's some unreproducible bug on some obscure distro. desktop linux software is broken on a fundamental level.

>>107064123
if these features were hardcoded in and debian lowkey may them rethink that approach then it's good. these are features i use so i would want the full package as well but the arguments about reducing attack surface are good.
it overall seems like a non-issue because of how it's packaged anyway
>The actual impact will be negligible for users of stable versions of Debian, Ubuntu, and other Debian-derived distributions. Klode said that when Debian Trixie is released, upgrades and new installs of the keepassxc package will receive a transitional package that prompts them to decide between "full" and "minimal" packages. Klode says that this will allow users upgrading from bookworm to preserve their current setup. Future releases will have a "virtual" keepassxc package that, again, requires the user to explicitly select one or the other.

>>107064036 (OP)
testing faggots got cucked

>>107064036 (OP)
Why, may I ask, does it need internet access?

>>107064543
Sync features?

>>107064564
Where? guide me. As far as I know, it only needs wifi to download website favicons, which can be imported offline anyway

>>107064595
>Where?
How would I know I don't use this shit.

>>107064611
Well, I do, and there no such features. That retard is bitching about maintainers breaking his "download icons" button, which is unnecessary and only works half the time

>>107064036 (OP)
trannies will say that linux is totally fine for normal people and do shit like this, lmao.

>>107064793
You sound both retarded and obsessed with trannies. Are you sure you're on the right board, champ?

>>107064315
Not all compile options are exposed by useflags.
Install LFS.

>>107064900
Imagine trusting other people's code. Like sloppy seconds.
Write your own software. Yes, drivers and OS too.

Can anyone tell me what this means in english?

>>107064543
KeepassXC can send your hashed passwords to haveibeenpwned.com to see if you were the victim of data breaches.

>>107064875
You need to go back.

>>107065361
Why are you talking about yourself in second person, MIGApede?

>>107064387
>Klode
subtlest vibe coder ever, real nice try claude by anthropic...

>>107065419
I’m nta you originally replied to and I don’t support Trump.
You are a troon tourist though and you have to go back.

>>107065482
>you have to go back
I won't.

>>107065501
but you have to

>>107065513
Tough shit.

>>107065274
Where? Guide me. Which setting? does it do that automatically?

>>107065552
Open a database and go to: Database > Database Reports (Ctrl+Shift+R) > HIBP

>>107065552
>tools
>database reports
>hibp
not automatic

>>107064123
If you want software exactly as the developer intended, download and install the (official) Flatpak or AppImage release instead. KeePassXC has a Flatpak package, and it's the officially recommended way to install it.

>>107065173
Debian maintainers chose to make a secure version before they made the full version available

https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC
>KeePassXC comes with a variety of build options that can turn on/off features. Most notably, we allow you to build the application with all TCP/IP networking code disabled.

>>107065590
not tools actually just database ignore the first thing

>>107065595
fuck fagpack annoying piece of shite i've ever had the displeasure of having to use for some shit

>>107065590
okey thanks, that could be useful

>>107065659
Good thing you've got 2fa set up... Right?

>>107065670
those are all for local network shit like ap control panels and the like so they're not accessible outside thankfully

>>107064143
AUR is actually better than most normal package managers because you can inspect the PKGBUILD and verify it gets the files from the right place and builds it from source.
All binary packages are "trust me bro" tier.

>>107064123
It's open source. If you don't like the compile options the maintainers choose for the software, compile it yourself and/or install gentoo.

>>107065659
damn, I only got 10k and 100k :(

>>107065755
millions of time is unsurprisingly
>admin

>>107065771
bruh
I got 100k on my google account "A1234567s"
I use that account for youtube, and nothing more. My subscriptions and likes have been leaked, oh the horror...

>>107064036 (OP)
Windowschad here
I block KeePass and any other program I want from the internet using Windows Defender Firewall with Advanced Security
Lintroons will never have this

>>107064123
why would you want your password vault to access the internet? sounds like the debian guy was doing a good thing and the keepassxc dev glows.

>>107065891
>why would you want your password vault to access the internet?
for features like >>107065590
>>107065659
and to download favicons of site I guess

>>107065922
>deliberately sending your passwords to someone on the internet
LMAO WTF

>>107065940
>sending your passwords
i see you can't read, sad

>>107064123
This is the exact reason upstream maintainers cannot be trusted. Instead of packing the application in a way that respects the user, they want to mess with shit that's none of their business. Debian and Fedora are far more secure and better because you get software from a trusted packager rather than some random person tinkering with your system without you even knowing about it.

Debian maintainers are pretty obsessed with security and licenses. I mean they forked firefox to iceweasel because of the licensing on the logo/icon. Now with this audacity thing I'm still running the old version.

If they say its best practice to block these features of keepassxc, it's their right. I mean it is open source isn't it? It's supposed to be changeable.

I like this about debian, it's one of the reasons I run it.

>>107065501
That’s fine, you’ll join the 41% eventually.

>>107064387
But why do end users have to look this up? Why do they have to know what "minimal" and "full" feature? Why not just fix the security issue in-kernel and just install full?

>>107066296
because it's not a real security issue so much as a feature that gives the ick to the maintainer there's nothing to fix users have to explicit click "connect to internet" buttons for these to do anything see for example >>107065590

>>107065719
sure, just compile everything from source dude
why not use gentoo at that point honestly
you realize the main point of compiled package package managers is so you don't have to spend hours compiling even slight version bumps on your software?

>>107066258
>being the meme

>>107066039
If you don’t trust the developer then why use their software? What you’re saying doesn’t make any sense. Debian backdooring your packages isn’t secure despite what you think.

>>107068101
he just edited an anti-linux comment, ironically in a way that goes against his very comment but oh well

>>107066988
>tds
>left can't meme
wew

>>107064036 (OP)
>blocked KeepassXC from accessing the internet
Imagine being so cucked you actually let your passwords into the internet.

No excuse for this level of retardation.

lesspass, stateless password manager is what you want to use

>>107065147
Imagine trusting other people's hardware. Source your own materials, mine it, refine it, manufacture and assemble chips and pcb's. It's the only way you can be certain.

I don't even connect to anything outside of my own internet infrastructure. The power generation is also wholly mine from the ground up.

>>107064543
Browser integration I’d imagine. And also>>107064628

>>107064036 (OP)
this is EXACTLY the kind of people I'd like to trust my passwords with, kek

>>107064036 (OP)
Works just fine on LinuxMint.

>>107070394
That is done via extension, you don't even need to have the packages to be able to use it, just the database.

>>107064036 (OP)
thats why i lov debian, it has stric public policies that developers and package mainteners follow along.

>>107064036 (OP)
What the fuck, that's based. I'm actually considering installing debian now.

this got me spooked. is keepassxc really not okay to use?

>>107066925
>why not use gentoo at that point honestly
or just use NIX/Guix where you can guarantee a package fits its functional description whether it's compiled locally or not. Gentoo is just yesteryear's Guix.

>>107072294
it's fine

>>107068101
The developer could sell out or could suddenly make a user hostile choice.
See for example Simple Mobile Tools: dev sold the apps to some greedy company that added ads and spyware to the play store versions. F-droid (the distro) caught the change and switched to the fork Fossify keeping their users safe.
I trust distros because they have policies and processes to ensure users are respected. Debian has a great track record of this.

>>107069915
Stay mad, MIGApede.

>>107072294
It's free software and has been audited. If it did anything shady, it'd be found way faster than the xz exploit.

>>107065274
>KeepassXC can send your hashed passwords
>hashed
like I'd ever trust a (((password manager))) to do that instead of pushing all my shit to mossad.
lol. lmao even.

>>107068101
>removing the backdoor is backdooring
post your nose, moshe

>>107073700
Exactly, these damn DEMONrats are taking backdoored mossad jewish (((passwords))) and sending them to the NSA CIA because the vaxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx dementia joe biden doesn't even know Keep ASS ex dee is all just a tranny indian psyop. Fucking libs

>>107064257
/thread
When people start screeching about muh freedom you can safely assume they are an authoritarian at best and the only reason they aren't full out fascist is that they are too impotent to make the step up from authoritarian to fascist.
>b-b--but it's only for your own good!
Yeah that's what every authoritarian and fascist says.