On 11.11.23 08:06, Julian Andres Klode wrote:
> On Fri, Nov 10, 2023 at 11:36:18PM +0100, Matthias Geiger wrote:
>> debdiff attached, I will upload this as a delayed NMU.
>
> I will remove or overwrite any attempt to upload a new version.
>
> As I have explained in the previous comment, this is highly security sensitive and requires careful review, hence updates aside from CVEs can only happen during Christmas break when there's time to review the code.
>
> I do not appreciate an NMU when I have clearly outlined my position on the topic and am generally responsive.

I agree that keepassxc is a highly sensitive program. However, not updating it for over half a year for the sake of code review while every other major distro has kept current does not instill trust for me. If there'd've been any malicious or otherwise noteworthy changes surely other parties would have noticed. It's a noble endeavour to really take a look at the code but this isn't really feasible imo when the releases happen faster than you can make time for it. In conclusion I believe code review of changes is nice, but it shouldn't get in the way of getting new versions to users.
--
Matthias Geiger <werdahias>
Debian Maintainer
"Freedom is always the freedom of the one who thinks differently" -- Rosa Luxemburg