The KeePassXC kerfuffle
The KeePassXC kerfuffle
Posted May 22, 2024 17:00 UTC (Wed) by cen (subscriber, #170575)Parent article: The KeePassXC kerfuffle
Posted May 22, 2024 17:20 UTC (Wed)
by intelfx (subscriber, #130118)
[Link] (11 responses)
No, the correct decision is the one that does not break users' workflows on upgrade.
There are many things that I dislike in Debian, but the one thing that I _have valued_ in Debian _very much_ is that it is a stable platform, the one that can be counted on to **not break** when upgraded or dist-upgraded. This is the single reason why I have used (and recommended) Debian at all.
What this incident has just told me, is that Debian **can no longer be trusted** not to break a workflow.
Posted May 22, 2024 17:29 UTC (Wed)
by cen (subscriber, #170575)
[Link]
Posted May 22, 2024 17:29 UTC (Wed)
by NYKevin (subscriber, #129325)
[Link]
Posted May 22, 2024 17:32 UTC (Wed)
by pizza (subscriber, #46)
[Link] (7 responses)
Only if you're running Debian *stable*.
> What this incident has just told me, is that Debian **can no longer be trusted** not to break a workflow.
Um, if you deliberately choose to run Debian testing or unstable, by definition it can break on you.
Meanwhile, you apparently didn't actually *read* the article:
"The actual impact will be negligible for users of stable versions of Debian, Ubuntu, and other Debian-derived distributions. Klode said that when Debian Trixie is released, upgrades and new installs of the keepassxc package will receive a transitional package that prompts them to decide between "full" and "minimal" packages. Klode says that this will allow users upgrading from bookworm to preserve their current setup. Future releases will have a "virtual" keepassxc package that, again, requires the user to explicitly select one or the other."
Posted May 22, 2024 17:37 UTC (Wed)
by intelfx (subscriber, #130118)
[Link] (6 responses)
> Um, if you deliberately choose to run Debian testing or unstable, by definition it can break on you.
What's unstable today, will become stable tomorrow. This is a non-reply.
> Meanwhile, you apparently didn't actually *read* the article
I have read the article, thank you very much for patronizing me (not). It also tells me that the whole "choice" thing only happened because this issue was publicized and resulted in pressure, and the next time it might not happen.
Posted May 22, 2024 17:46 UTC (Wed)
by pizza (subscriber, #46)
[Link] (5 responses)
I'm alwasys glad when I can correct folks' unreasonable expectations.
> What's unstable today, will become stable tomorrow. This is a non-reply.
Uh. do you not understand the basic difference between the words "stable", "testing", and "unstable"?
Because you seem to be claiming that they are synonymous.
> It also tells me that the whole "choice" thing only happened because this issue was publicized and resulted in pressure
That does not appear to be supported by facts in evidence.
> and the next time it might not happen.
If that happens, you might be entitled to a full refund.
I wish you the best of luck in your quest to be perpetually supplied with perfect software, for free.
Posted May 22, 2024 18:15 UTC (Wed)
by intelfx (subscriber, #130118)
[Link] (4 responses)
There weren't and you didn't.
> Uh. do you not understand the basic difference between the words "stable", "testing", and "unstable"?
You apparently didn't **read** my comment. (See, this works both ways.)
> That does not appear to be supported by facts in evidence.
The reading of the article suggests that the transitional package only appeared after multiple rounds of heated discussion, and the original decision was simply to ship the stripped version as "keepassxc".
Posted May 22, 2024 21:50 UTC (Wed)
by pizza (subscriber, #46)
[Link] (3 responses)
Even if you are correct, all it shows is that Debian's development/packaging process (including the stated purpose of "Debian testing") is working as intended, and no "stability promises" [1] having been violated.
[1] Which only apply within a given stable release, not within testing or (especially) unstable. Even upgrades between major releases don't (and can't!) promise that everything that used to work will continue to work exactly as before. [2]
Posted May 23, 2024 1:47 UTC (Thu)
by sionescu (subscriber, #59410)
[Link] (2 responses)
Only because users opposed the changes vehemently. The change should not have occurred in the first place.
Posted May 23, 2024 9:08 UTC (Thu)
by bluca (subscriber, #118303)
[Link]
Posted May 23, 2024 9:37 UTC (Thu)
by mb (subscriber, #50428)
[Link]
So? It's called the development and testing process. That's why we have unstable and testing.
Posted May 24, 2024 10:39 UTC (Fri)
by LtWorf (subscriber, #124958)
[Link]
https://salsa.debian.org/debian/keepassxc/-/blob/main/deb...
They pressed "q" without reading and then complained…
It is very normal to use a NEWS file if a package is introducing some changes that might require a manual action.
Posted May 22, 2024 21:55 UTC (Wed)
by WolfWings (subscriber, #56790)
[Link] (1 responses)
There's a difference between disabling networking that does things like favicon fetches, and disabling so much networking that it can't even communicate with a hardware USB encryption token.
Turning off the 'look pretty' network features in the default install is all well and good, but disabling things like hardware security token support because they ripped out the entire networking suite blindly is a dis-service to the users.
PGP broadly failed because it was so obtuse, there's a certain degree of lubricity you need with security features to make them well used. And this blind 'chop the whole forest down' approach I think overstepped.
Posted May 23, 2024 9:14 UTC (Thu)
by taladar (subscriber, #68407)
[Link]
The KeePassXC kerfuffle
The KeePassXC kerfuffle
The KeePassXC kerfuffle
The KeePassXC kerfuffle
The KeePassXC kerfuffle
The KeePassXC kerfuffle
The KeePassXC kerfuffle
> Because you seem to be claiming that they are synonymous.
The KeePassXC kerfuffle
[2] While Debian works very hard to achieve this goal, there are always exceptions -- With every release global/system features are deprecated or dropped outright, and that doesn't even begin to touch on potentially incompatible changes to upstream software.
The KeePassXC kerfuffle
The KeePassXC kerfuffle
The KeePassXC kerfuffle
Everything works as expected.
The KeePassXC kerfuffle
The KeePassXC kerfuffle
The KeePassXC kerfuffle