On 10/01/13 21:34, Robert Ransom wrote:
> On 1/10/13, Abel Luck <abel@???> wrote:
>> Robert Ransom:
>>> On 1/9/13, intrigeri <intrigeri@???> wrote:
>>>> Hi,
>>>>
>>>> please review & merge feature/install-password-manager.
>>>> ticket: todo/install_password_manager
>>>> candidate for 0.17
>>>
>>> Some issues in keepassx 0.4.3-1ubuntu3 (according to the changelogs,
>>> nothing I'm pointing out is fixed in Debian's 0.4.3-2):
>>>
>> <snip>
>>> The other password managers you've considered are probably at least as
>>> bad as this one.
>
>> Well, damn, that's a pretty damning review. Do you know of any other
>> alternatives?
>
> The only stand-alone password manager that I have reviewed
> sufficiently to have an opinion about is KeePassX. KeePassX's
> cryptography is only slightly worse than that in the Linux kernel and
> GPG.
>
>> Have issues been opened to fix these security bugs?
>
> I have not reported these issues to any bug tracker.
>
> The copyright infringements in share/keepassx/icons/ are far more
> problematic -- it is not currently legal to distribute the KeePassX
> source tarball or Debian/Ubuntu binary packages.
With my WAN hat on, I can see that intrigeri reported created a Debian
bug to track that issue and get it solved where it should:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698832