[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#27909] Replace keepassx with keepassxc
|
From: |
Leo Famulari |
|
Subject: |
[bug#27909] Replace keepassx with keepassxc |
|
Date: |
Tue, 1 Aug 2017 17:17:40 -0400 |
|
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Tue, Aug 01, 2017 at 11:27:11PM +0300, Manolis Ragkousis wrote:
> Wouldn't it be a better option to keep both version for the time being?
> Unless of course there is a security issue if we keep keepassx.
I think that using Qt-4 is a security issue because it's unmaintained
for a long while now, relative to its complexity.
But we still have it in Guix because some packages would have to be
removed if we remove it, and we don't have a clear or simple policy
about what to do in cases like that. By the way, I'm not suggesting we
need such a policy.
Eventually we should remove those things, because it's not great to
offer users programs that we suspect have security bugs.
If somebody starting publishing details of how to exploit Qt-4 apps,
then I think the choice would be clear. But I haven't read any such
reports, so I don't know for sure that it's vulnerable. I think it's a
good bet, however.
signature.asc
Description: PGP signature
bug#27909: Replace keepassx with keepassxc, Ricardo Wurmus, 2017/08/16