The recent changes that were applied to the KeePassXC package in Debian generated user discontent


It was recently announced that in Debian, due to decisions made by the KeePassXC package maintainer, significant changes have been applied to the package: it now offers a simplified version of the program that retains only the basic functions necessary to store passwords securely on the local system.

That is to say, all the advanced functions, such as network capability, IPC management code, web browser integration, automatic password functionality, and Yubikey support, have been removed from the standard package.

Among the reasons that led him to implement these changes, the maintainer highlights reducing the attack surface and improving security and privacy.

Although the maintainer's decision was aimed at improving security and user privacy, many users did not take kindly to this change: instead of generating acceptance, it has generated controversy among some users who hoped to keep the full functionality of KeePassXC.

Among the changes that unhappy users suggested was that the KeePassXC maintainer in Debian should revert the change and go back to offering the original version of the package under the same name, while the simplified version could be renamed keepassxc-minimal to avoid confusion and satisfy those who prefer full functionality.

In addition, it is worth mentioning that the debate over the Debian KeePassXC maintainer's decision has generated various opinions and concerns. On the one hand, some users and the main developer of KeePassXC noted that users associate the loss of functionality with the main project and complain to the KeePassXC developers, and not to the Debian package maintainer.

On the other hand, the KeePassXC developer also pointed out that this could have negative repercussions on the reputation of KeePassXC as a project. This is because users could associate the loss of functionality with the main project, which could lead to discontent and criticism towards the KeePassXC developers, rather than directing those concerns to the package maintainer at Debian.

The legality and ethics of distributing a package that keeps the project name, but differs fundamentally in functionality from the base package provided by the main developers, is also raised, and this is likewise seen as a negative. This raises questions about clarity in communicating changes and the need to respect the integrity and image of the original project when making significant modifications to distributed packages.

On the other hand, proponents of the change argue that each additional functionality enabled represents a potential security risk, and that the distribution of the simplified package is limited to the unstable and testing repositories for testing and evaluation, not the stable versions of the distribution.

Furthermore, it is clarified that the features considered as plugins are actually built-in features in KeePassXC, which are disabled by default, but can be activated by users according to their needs. The reference to getting rid of external libraries is also considered incorrect, since Yubikey support is built directly into the main KeePassXC codebase, without relying on external libraries.

On this matter, it is worth mentioning that a separate package called keepassxc-full has been created that includes all the advanced features of the original version. The change has affected some users who have experienced a lack of familiar functionality after the update, which has been perceived as a technical issue.

Finally, I can personally mention that these types of changes not only affect the user experience, but can also cause confusion and problems that the project developers should not have to deal with, since changes of this type should first be discussed with the development team (in this case KeePassXC) or, failing that, the package should not be offered under the same name as the original package.

Finally, if you are interested in knowing more about it, you can check the details in the following link.

