Bug#926509: Package orphaned?

2019-08-15 Thread Julian Andres Klode
On Thu, Aug 15, 2019 at 01:20:13AM +, nemo Inis wrote:
> Has this package been orphaned? It seems unlikely that a security tool such as a password
> manager would lag one year behind upstream's current version?

No. We were in freeze. We are now out of freeze and I'll push out
an update to unstable soon.

> 
> Should we just call it quits and switch to the upstream AppImage?
> 
> I'm not being snarky here - this is a safety issue. A word of reassurance (or of any other
> news) from the maintainer would be welcome.

If there had been a CVE, you would have gotten a security update.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer  i speak de, en



Bug#926509: Package orphaned?

2019-08-14 Thread nemo Inis
On Wed, 14 Aug 2019 21:25:35 -0400 John Scott wrote:
> On Wednesday, August 14, 2019 9:20:13 PM EDT you wrote:
> > I'm not being snarky here - this is a safety issue.
> How so? It doesn't seem to have any security issues

Quick excerpt from the release notes for the versions unavailable on Debian:

Improve resilience against memory attacks - overwrite memory before free [#3020]
Fix data loss due to not reading all database attachments if duplicates exist [#3180]
Fix database deletion when using unsafe saves to a different file system [#2889]
Warn user if deleting entries that are referenced. [#1744]
Linux: Prevent Klipper from storing secrets in clipboard [#1969]



Bug#926509: Package orphaned?

2019-08-14 Thread John Scott
On Wednesday, August 14, 2019 9:20:13 PM EDT you wrote:
> I'm not being snarky here - this is a safety issue.
How so? It doesn't seem to have any security issues
https://security-tracker.debian.org/tracker/source-package/keepassxc




Bug#926509: Package orphaned?

2019-08-14 Thread nemo Inis
Has this package been orphaned? It seems unlikely that a security tool such as a password
manager would lag one year behind upstream's current version?

Should we just call it quits and switch to the upstream AppImage?

I'm not being snarky here - this is a safety issue. A word of reassurance (or of any other
news) from the maintainer would be welcome.