Hey there, looks like #KeePassXC is relevant enough that 🤡 #AI #slop security foo companies now target our keywords on Google mobile search. What do you think would happen if suddenly lots of people started clicking those ads without actually buying anything?!🧐😁🤑
Notices by Team KeePassXC (keepassxc@fosstodon.org)
-
Embed this notice
Team KeePassXC (keepassxc@fosstodon.org)'s status on Tuesday, 31-Dec-2024 05:29:12 JST Team KeePassXC
-
Embed this notice
Team KeePassXC (keepassxc@fosstodon.org)'s status on Friday, 29-Nov-2024 20:48:17 JST Team KeePassXC
🚨BLACK FRIDAY SALE!!! 🤑📉 Our FREE software is 90% OFF this weekend!!
Get your deal at https://keepassxc.org/download NOW (only while stock lasts)! This is not a drill!
Also, if you want to support us more, we have options listed for you at https://keepassxc.org/donate 🤗
-
Embed this notice
Team KeePassXC (keepassxc@fosstodon.org)'s status on Thursday, 16-May-2024 00:57:00 JST Team KeePassXC
@juliank @stardust @tuxwise@tchncs.de I disagree with this statement on a fundamental level. If you see Debian as an expert tool for a very specific expert target group, then fine, whatever. But Debian is the base for a general-purpose operating system for millions of users with no technical background or simply no nerve and time to deal with things like this. You cannot and should not expect these users to know about any obscure text files, let alone read and understand the tech babble that's in them.
-
Embed this notice
Team KeePassXC (keepassxc@fosstodon.org)'s status on Tuesday, 14-May-2024 19:52:07 JST Team KeePassXC
What this flag DOES NOT do is sandbox KeePassXC in any way. It will also not remove Qt's internal networking modules, since these are still required for certain offline functionality such as URL parsing and local sockets (blame Qt for not separating this functionality). It will also not prevent a local attacker from loading other DLLs/SOs/DYLIBs containing network code at runtime.
4/4
-
Embed this notice
Team KeePassXC (keepassxc@fosstodon.org)'s status on Tuesday, 14-May-2024 19:52:05 JST Team KeePassXC
That's it. That's all that is removed from your build when you disable the flag. There is no web server running or anything, it's only client code requiring a manual action that is removed (as well as a link dependency to OpenSSL, which may be more significant).
3/4
-
Embed this notice
Team KeePassXC (keepassxc@fosstodon.org)'s status on Tuesday, 14-May-2024 19:52:05 JST Team KeePassXC
KeePassXC connects with the internet in only three situations:
1) to check for updates (we ask you first if you agree to that and this feature is disabled in downstream packages such as Debian's anyway)
2) when you manually click the button to download a website's favicon on the Edit Entry form
3) when you decide to check your credentials against the online Hibp service (again, by explicitly clicking a button).
2/4
-
Embed this notice
Team KeePassXC (keepassxc@fosstodon.org)'s status on Tuesday, 14-May-2024 01:25:47 JST Team KeePassXC
Following the recent discussion around the Debian decision to ship KeePassXC without any of its optional modules, we've seen some extreme misconceptions floating around the internet regarding what the WITH_XC_NETWORKING=OFF compile flag actually does.
Let us be clear: KeePassXC does NOT "randomly" connect to the internet in the background, regardless of whether you build with the flag on or off. Claims to the contrary of KeePassXC "surfing in the background" or "calling home" are false.
1/4
-
Embed this notice
Team KeePassXC (keepassxc@fosstodon.org)'s status on Saturday, 11-May-2024 00:19:57 JST Team KeePassXC
Debian Users - Be aware the maintainer of the KeePassXC package for Debian has unilaterally decided to remove ALL features from it. You will need to switch to `keepassxc-full` to maintain capabilities once this lands outside of testing/sid.
-
Embed this notice
Team KeePassXC (keepassxc@fosstodon.org)'s status on Wednesday, 21-Jun-2023 12:31:13 JST Team KeePassXC
We have released a blog post discussing CVE-2023-35866: https://keepassxc.org/blog/2023-06-20-cve-202335866/