The officially official Devuan Forum!

You are not logged in.

#1 2025-08-26 02:20:12

zapper
Member
Registered: 2017-05-29
Posts: 1,100  

Opinions about keypassXC

@knighttemplar you are kinder than I in this regard. I don't put up with crap like that. I would've probably told that dude who wanted to ban you, to quote "suck it."

Even though I probably would have been banned.

I don't tolerate corporate fascists or corporate thugs.

Also, staying with a distro that has such a community is close to the level of bad of tolerating actual idiots.

I have my limits I will say.

wink

Peace and love are good things, but I don't like crap either.

Btw, if you want more people like that dev, try to tell the people who are making the keypassXC to remove dbus because its a privacy risk. I guarantee you they will be just as idiotic.

I saw in a thread them thumbing down people who were correctly pointing out that dbus shouldn't be used in a secure application.

And being generally despicable.

Last edited by zapper (2025-08-26 02:22:30)


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#2 2025-08-26 12:37:41

Altoid
Member
Registered: 2017-05-07
Posts: 1,803  

Re: Opinions about keypassXC

Hello:

zapper wrote:

... tell the people who are making the keypassXC to remove dbus ...

Or to package it without any networking code.
ie:
Not optional
Not opt-in
Just no network access code.

keepassxc.org wrote:

KeePassXC needs network access for downloading website icons (favicons) for password entries.

Right ...
A very important and absolutely essential feature, eh?
What would I ever do without my lovely favicons?  8^°

A huge red flag for me.
As always, YMMV.

A.

Last edited by Altoid (2025-08-26 12:38:16)

Offline

#3 2025-08-26 14:22:03

igorzwx
Member
Registered: 2024-05-06
Posts: 228  

Re: Opinions about keypassXC

Altoid wrote:

KeePassXC needs network access for downloading website icons...
Just no network access code.

Is it so difficult to recompile it?

git clone https://github.com/keepassxreboot/keepassxc.git
$ cat keepassxc/CMakeLists.txt | grep NETWORKING
option(WITH_XC_NETWORKING "Include networking code (e.g. for downloading website icons)." OFF)
    set(WITH_XC_NETWORKING ON)
# Prefer WITH_XC_NETWORKING setting over WITH_XC_UPDATECHECK
if(NOT WITH_XC_NETWORKING AND WITH_XC_UPDATECHECK)
    message(STATUS "Disabling WITH_XC_UPDATECHECK because WITH_XC_NETWORKING is disabled")

 

option(WITH_XC_NETWORKING "Include networking code (e.g. for downloading website icons)." OFF) 

   
   
AUR : keepassxc-git.git
_https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=keepassxc-git

It can be disabled in CMake config, and re-enabled in debian/rules.
It might be a sort of spyware.
If it is about security, you have to compile it yourself.

...when dealing with security-sensitive software or systems, you should take responsibility for building, configuring, and maintaining it yourself to ensure it's configured to your specific needs and not vulnerable due to third-party misconfigurations.

Last edited by igorzwx (2025-08-26 15:32:11)

Offline

#4 2025-08-26 16:21:08

Altoid
Member
Registered: 2017-05-07
Posts: 1,803  

Re: Opinions about keypassXC

Hello:

igorzwx wrote:

... so difficult to recompile it?

For someone who knows zilch about any and all of that, the answer is, a definitive 'yes'.

It is both much easier and reassuring for me to simply avoid using keypassXC.
I am quite sure a great many Linux users think along the same lines.

Because ...
You know, "it might be a sort of spyware".

igorzwx wrote:

If it is about security, you have to compile it yourself.

Right ...

Well ...
That is but one way of looking at it.
If it were the only way, inherently trusted distributions and repsitories (Like Devuan Linux and others) would not even exist.

As always, YMMV.

A.

Offline

#5 2025-08-26 18:16:53

igorzwx
Member
Registered: 2024-05-06
Posts: 228  

Re: Opinions about keypassXC

Have you ever compiled anything?

Offline

#6 2025-08-26 21:03:39

EDX-0
Member
Registered: 2020-12-12
Posts: 135  

Re: Opinions about keypassXC

i once tried to compile and package newer versions of both imlib and libconfig, autohell really is without a doubt the single bad piece of software created by the gnu project, successful compilation may as well depend on the planets aligning with your zodiac sign.

Online

#7 2025-08-26 21:19:20

greenjeans
Member
Registered: 2017-04-07
Posts: 1,113  
Website

Re: Opinions about keypassXC

^^Lol, "autohell"  lol

I've never compiled anything complex, GCC works for all my stuff so far. I did have to compile qt5gtk2 at one point and do a local make/install, but it had nice clear instructions.


https://sourceforge.net/projects/vuu-do/ New Vuu-do isos uploaded August 2025!
Vuu-do GNU/Linux, minimal Devuan-based Openbox and Mate systems to build on. Also a max version for OB.
Devuan 5 mate-mini iso, pure Devuan, 100% no-vuu-do. wink Devuan 6 version also available for testing.
Please donate to support Devuan and init freedom! https://devuan.org/os/donate

Offline

#8 2025-08-26 21:23:12

golinux
Administrator
Registered: 2016-11-25
Posts: 3,523  

Re: Opinions about keypassXC

Back in the day, when computers were still fun,  I built several packages with Soul Singin's:
HowTo Build a Package from Source the Smart Way

It always worked. big_smile

Offline

#9 2025-08-26 21:57:33

igorzwx
Member
Registered: 2024-05-06
Posts: 228  

Re: Opinions about keypassXC

EDX-0 wrote:

successful compilation may as well depend on the planets aligning with your zodiac sign.

Astrology may not help. What is needed is a detailed step-by-step instruction.
If you compile several packages, you may abruptly understand something.

Terms and Concepts

Epiphany: A feeling or moment of sudden and profound understanding.
Insight Learning: A type of learning characterized by a sudden realization of a solution.
Sudden Realization: A more direct description of the phenomenon, involving a rapid comprehension.

Offline

#10 2025-08-26 23:54:04

EDX-0
Member
Registered: 2020-12-12
Posts: 135  

Re: Opinions about keypassXC

Anyway, more on topic, password management really has got me thinking for a while that there is not a real "good" generic way to do password management on a unix like environment, seeing all the threads about complains on password managers like keepass, local secre/password access stuff via gnome-keyring-daemon, and browser/mobile password management where the only good solution is bitwarden as you can host your own server and there are at least 3 implementations of the bitwarden server, not to mention the need for OTP codes and all the problems that the gnome-authenticator package had at one point being removed from testing and how difficult it was for the maintainers to package the newer version of the project after it was rewritten from scratch in rust because the rust model of managing it's own dependencies with cargo has a lot of friction with how packages are built in debian...

All that to say, i've been thinking of looking into writing a set of programs for addressing that madness:

  • password-keyring-daemon: a daemon to replace the secret store functionality of the gnome-keyring-daemon,will however not provide d-bus functionality by default, all the actual storing of secrets and passwords would be done with pass as a pluggable backend, so whoever doesn't like pass can roll his own password manager and backend wrapper to be used with this daemon.

  • password-keyring-daemon-dbus-plugin: an optional plugin for said daemon to add the d-bus functionality for those who need it, this would include the org.freedesktop.secrets portal interface.

  • password-bw-imexporter: a plugin to import-export to/from bitwarden, would use a config file to set the bitwarden server and account credentials so users can still self host bitwarden, the idea is to allow the daemon to fetch the passwords csv, merge with the local password store through the backend and then get a merged csv from the backend to export onto the bitwarden server, this would be one of the pieces of this whole set with network access to sync the password stores.

  • password-keyring-favicon-fetcher: just a "dumb" program to fetch the favicons, the second program of this set to have net code and would serve to prevent the need of net access in the other programs.

  • password-keyring-authenticator-lib: a library to handle all the OTP stuff, not something that would directly be called by the daemon.

  • password-keyring-authenticator: a gui program to manage OTP authentication, be it just copy the OTP code to clipboard or add a new authentication entry be it by qr code image or a token.

  • password-keyring-manager-lib: a thin client library to retrieve passwords from the password-keyring daemon, to be used by a gui program.

  • password-keyring-manager: a gui program to actually manage the locally stored passwords, if the favicon fetcher is present it will show favicons, if the bw-imexporter is present will sync the password store on start and upon changes.

consider those names as placeholders, and for the actual development i would probably use python to have a fast development cycle as besides the very core daemon none of the other programs are "performance critical" to NEED be written in C, and even then re-writing the daemon in C would be something to consider for the time when everything else is working good enouhg..

Tho i got no timeframe whatsoever to do any of this, nor it is for sure i will with my history of starting cobbling together daemons and other programs then taking forever to add basic features...

Online

#11 Yesterday 00:09:18

golinux
Administrator
Registered: 2016-11-25
Posts: 3,523  

Re: Opinions about keypassXC

password-keyring-solutions

Offline

#12 Yesterday 00:37:41

igorzwx
Member
Registered: 2024-05-06
Posts: 228  

Re: Opinions about keypassXC

Password management is a must-have

We revealed attacks against end-to-end encrypted applications, demonstrating the recovery of encrypted confidential data from backups of two messaging apps, whatsapp and Signal, and 10 password managers LastPass, dashlane, zoho, vault, 1password, npass, roboform Keeper, nordpass, protonpass and KeyPassXC. We named these attacks Injection Attacks and the papers were published on Usenix, sec24 and Security and Privacy 24.
_https://twit.tv/posts/transcripts/security-now-992-transcript
_https://twit.tv/shows/security-now/episodes/992

Offline

#13 Yesterday 01:23:13

zapper
Member
Registered: 2017-05-29
Posts: 1,100  

Re: Opinions about keypassXC

@golinux I think part of my response belongs in the thread where I posted.

"@knighttemplar you are kinder than I in this regard. I don't put up with crap like that. I would've probably told that dude who wanted to ban you, to quote "suck it."

Even though I probably would have been banned.

I don't tolerate corporate fascists or corporate thugs.

Also, staying with a distro that has such a community is close to the level of bad of tolerating actual idiots.

I have my limits I will say.

wink"

Last edited by zapper (Yesterday 01:24:38)


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#14 Yesterday 01:24:01

zapper
Member
Registered: 2017-05-29
Posts: 1,100  

Re: Opinions about keypassXC

I have recompiled MANY things.  More so once I installed Hyperbola

Including:
virt-manager
dosbox-x (devuan for also!)
dhcpcd-ui
wine
iceweasel-uxp
icedove-uxp
palemoon
focuswriter
bleachbit
rclone
lzdoom
dreamchess
jazz2  Resurrection
luakit
novelwriter
I think that is enough examples big_smile


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#15 Yesterday 10:09:56

igorzwx
Member
Registered: 2024-05-06
Posts: 228  

Re: Opinions about keypassXC

One example is missing.

Offline

#16 Yesterday 13:35:07

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,688  

Re: Opinions about keypassXC

I think part of my response belongs in the thread where I posted.

I was wondering why the first post in this thread contained a response to something that obviously came before the first post. Wasn't sure if I needed a time machine to see it. A link would suffice.

fsmithred (I compiled transcode without detailed step-by-step instructions.)

Offline

#17 Yesterday 13:56:18

igorzwx
Member
Registered: 2024-05-06
Posts: 228  

Re: Opinions about keypassXC

Detailed step-by-step instructions may help to learn and prevent frustration. They may help to build confidence and a sense of accomplishment during the learning process. Later, one might be able to compile without instructions.
For example, if you know how to compile wxMaxima with CMake, you may easily compile keypassXC without instructions.

$ dh_auto_build --list
autoconf             GNU Autoconf (configure)
perl_build           Perl Module::Build (Build.PL)
perl_makemaker       Perl ExtUtils::MakeMaker (Makefile.PL)
makefile             simple Makefile
python_distutils     Python Distutils (setup.py) [DEPRECATED]
cmake+makefile       CMake (CMakeLists.txt) combined with simple Makefile
cmake+ninja          CMake (CMakeLists.txt) combined with Ninja (build.ninja)
ant                  Ant (build.xml)
qmake                qmake (*.pro)
qmake_qt4            qmake for QT 4 (*.pro)
meson+ninja          Meson (meson.build) combined with Ninja (build.ninja)
ninja                Ninja (build.ninja)
kde+makefile         CMake with KDE 4 flags combined with simple Makefile [3rd party]
kde+ninja            CMake with KDE 4 flags combined with Ninja (build.ninja) [3rd party]
kf5+makefile         CMake with KDE Frameworks 5 flags combined with simple Makefile [3rd party]
kf5+ninja            CMake with KDE Frameworks 5 flags combined with Ninja (build.ninja) [3rd party]
lua                  Lua [3rd party]
pybuild              Python pybuild [3rd party]

Auto-selected: makefile

--list is a secret esoteric option

$ man debhelper | grep 'BUILD SYSTEM OPTIONS\|--list' -A4
BUILD SYSTEM OPTIONS
       The following command line options are supported by all of the dh_auto_* debhelper programs. These programs
       support a variety of build systems, and normally heuristically determine which to use, and how to use them.
       You can use these command line options to override the default behavior.  Typically these are passed to dh(1),
       which then passes them to all the dh_auto_* programs.
--
       --list, -l
           List all build systems supported by debhelper on this system. The list includes both default and third
           party build systems (marked as such). Also shows which build system would be automatically selected, or
           which one is manually specified with the --buildsystem option.

Debian packaging is a secret esoteric science. There are, for example, virtual pseudo meta packages, which do not exist. If you ignore them, debhelper may fail to build the package you need
_https://dev1galaxy.org/viewtopic.php?id=6644

If you are not initiated into the secret knowledge, you might be confused.

EXAMPLE: debhelper-compat

$ apt-rdepends --build-depends --follow=DEPENDS wxmaxima
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
wxmaxima
  Build-Depends: appstream-util
  Build-Depends: cmake ( 3.4)
  Build-Depends: debhelper-compat (= 13)
  Build-Depends: desktop-file-utils
  Build-Depends: libwxgtk-webview3.2-dev
  Build-Depends: libwxgtk3.2-dev
  Build-Depends: netcat-openbsd
  Build-Depends: xauth
  Build-Depends: xvfb 
$ apt info debhelper-compat
Package: debhelper-compat
State: not a real package (virtual)
N: Can't select candidate version from package debhelper-compat as it has no candidate
N: Can't select versions from package 'debhelper-compat' as it is purely virtual
N: No packages found

$ apt show debhelper-compat
Package: debhelper-compat
State: not a real package (virtual)
N: Can't select candidate version from package debhelper-compat as it has no candidate
N: Can't select versions from package 'debhelper-compat' as it is purely virtual
N: No packages found 

The package debhelper-compat cannot be installed, for "it is purely virtual". But it might be needed in a certain esoteric sense (think of hidden framework of knowledge).

ALSA users may try to believe that it is not a sort of deliberate obfuscation. It may require a significant mental effort needed for a cognitive process of self-persuasion, where one chooses to interpret an action or statement as accidental or a result of incompetence, rather than malicious intent to obscure "secret knowledge".

Last edited by igorzwx (Yesterday 18:54:15)

Offline

Board footer