
what leads you to suspect he's wrong? from the quotes in your comment i suspect it's his choice to use plain language and openly disagree with others. in my experience that's how trustworthy, competent people talk

people working together successfully in free software doesn't depend on them having the same values or getting along or wanting the software to do the same thing. it just depends on being clear and open about what the software does and doesn't do, and using licenses that keep them from suing you for distributing versions without their preferred features or antifeatures. remember that this is the movement that not only includes richard stallman but was founded by him. if it depended on getting along it never would have left the cradle



I suspect he's wrong because he's disabled some of KeepassXC's most important security features.

One of the largest security threats to users is phishing websites, getting an email and clicking a link, and then typing your actual password into some fake hacker's webpage.

Having browser integration in your password manager, such that it auto-enters the right password on "real-bank.com", but doesn't enter it on "rel-bank.com", is a strong protection against phishing.

The maintainer disabled the browser integration for KeepassXC, which forces users to copy+paste passwords into webpages' password inputs, making them significantly more vulnerable to phishing.

Their fear-mongering about supply-chain attacks and bugs in more LoC is silly when compared to the very real threat of phishing attacks, which are way more prevalent and a way more severe threat.
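The property the comment above relies on is that a browser-integrated password manager only offers a credential when the page's origin matches the origin the credential was saved for. The following is an added illustration of that origin-binding check, written for this thread; it is not KeePassXC code and does not reproduce its matching rules. The vault entries, the `Entry` class and the `matching_entries` function are all constructed for the example.

```python
"""Origin-bound credential lookup: the check that makes browser integration
a phishing defence. Added illustration, not KeePassXC's implementation."""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Entry:
    title: str
    url: str       # the URL the credential was saved for
    username: str


# Constructed sample vault (hypothetical entries).
VAULT = [
    Entry("Bank", "https://real-bank.com/login", "alice"),
    Entry("Mail", "https://mail.example.org/", "alice@example.org"),
]


def origin(url: str):
    """Return (scheme, host, port) for an http(s) URL, or None if unusable.

    The port is normalised to the scheme default so that
    'https://real-bank.com' and 'https://real-bank.com:443' compare equal.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return (parts.scheme, parts.hostname.lower(), port)


def matching_entries(page_url: str, vault=VAULT, allow_subdomains: bool = False):
    """Return the vault entries that may be offered on page_url.

    A credential is offered only when scheme, host and port all match the
    origin it was saved for. Hostnames are compared as whole strings, so a
    lookalike ('rel-bank.com'), a suffix trick ('real-bank.com.evil.test')
    and a scheme downgrade ('http://real-bank.com') all get nothing.
    With allow_subdomains=True, 'login.real-bank.com' may also receive the
    credential saved for 'real-bank.com' (a policy choice, not the default).
    """
    page = origin(page_url)
    if page is None:
        return []
    hits = []
    for entry in vault:
        saved = origin(entry.url)
        if saved is None:
            continue
        if saved[0] != page[0] or saved[2] != page[2]:
            continue                     # scheme or port differs: never fill
        if saved[1] == page[1]:
            hits.append(entry)           # exact host match
        elif allow_subdomains and page[1].endswith("." + saved[1]):
            hits.append(entry)           # page is a subdomain of the saved host
    return hits


if __name__ == "__main__":
    for url in ("https://real-bank.com/login?next=/", "https://rel-bank.com/login",
                "https://real-bank.com.evil.test/login", "http://real-bank.com/login"):
        print(url, "->", [e.title for e in matching_entries(url)])
```

Run as a script it prints one line per constructed URL, showing that only the exact origin receives the "Bank" entry; a user copy-pasting from a standalone vault has no equivalent check and must spot the lookalike host by eye.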


I guess you missed the bits on Mastodon where the package maintainer simply didn’t bother reaching out to the upstream whatsoever because he was ‘too busy’ and would only do so over a particular IRC setup. That’s not competent or good faith maintenance.



