Bug#926509: Package orphaned?
On Thu, Aug 15, 2019 at 01:20:13AM +, nemo Inis wrote: > Has this package been orphaned? It seems unlikely that a security tool such > as a password > manager would lag one year behind upstream's current version? No. We were in freeze. We are now out of freeze and I'll push out an update to unstable soon. > > Should we just call it quit and switch to the upstream AppImage? > > I'm not being snarky here - this is a safety issue. A word of reassurance (or > of any other > news) from the maintainer would be welcome. If there had been a CVE, you would have gotten a security update. -- debian developer - deb.li/jak | jak-linux.org - free software dev ubuntu core developer i speak de, en
Bug#926509: Package orphaned?
On Wed, 14 Aug 2019 21:25:35 -0400 John Scott wrote: > On Wednesday, August 14, 2019 9:20:13 PM EDT you wrote: > > I'm not being snarky here - this is a safety issue. > How so? It doesn't seem to have any security issues Quick excerpt from the release notes for the versions unavailable on Debian: Improve resilience against memory attacks - overwrite memory before free [#3020] Fix data loss due to not reading all database attachments if duplicates exist [#3180] Fix database deletion when using unsafe saves to a different file system [#2889] Warn user if deleting entries that are referenced. [#1744] Linux: Prevent Klipper from storing secrets in clipboard [#1969]
Bug#926509: Package orphaned?
On Wednesday, August 14, 2019 9:20:13 PM EDT you wrote: > I'm not being snarky here - this is a safety issue. How so? It doesn't seem to have any security issues https://security-tracker.debian.org/tracker/source-package/keepassxc signature.asc Description: This is a digitally signed message part.
Bug#926509: Package orphaned?
Has this package been orphaned? It seems unlikely that a security tool such as a password manager would lag one year behind upstream's current version? Should we just call it quit and switch to the upstream AppImage? I'm not being snarky here - this is a safety issue. A word of reassurance (or of any other news) from the maintainer would be welcome.