[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#27909] Replace keepassx with keepassxc
|
From: |
Manolis Ragkousis |
|
Subject: |
[bug#27909] Replace keepassx with keepassxc |
|
Date: |
Wed, 2 Aug 2017 21:28:47 +0300 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 |
On 08/02/2017 12:17 AM, Leo Famulari wrote:
> On Tue, Aug 01, 2017 at 11:27:11PM +0300, Manolis Ragkousis wrote:
>> Wouldn't it be a better option to keep both version for the time being?
>> Unless of course there is a security issue if we keep keepassx.
>
> I think that using Qt-4 is a security issue because it's unmaintained
> for a long while now, relative to its complexity.
>
> But we still have it in Guix because some packages would have to be
> removed if we remove it, and we don't have a clear or simple policy
> about what to do in cases like that. By the way, I'm not suggesting we
> need such a policy.
>
> Eventually we should remove those things, because it's not great to
> offer users programs that we suspect have security bugs.
>
> If somebody starting publishing details of how to exploit Qt-4 apps,
> then I think the choice would be clear. But I haven't read any such
> reports, so I don't know for sure that it's vulnerable. I think it's a
> good bet, however.
>
I tested keepassxc locally and it opens my .kdbx file correctly. I think
there will be no problems with the change.
If no one else objects please push your patch. We don't want a possible
security issue in the future. :)
Thank you,
Manolis
bug#27909: Replace keepassx with keepassxc, Ricardo Wurmus, 2017/08/16