Debian maintainer, Julian Klode, has a "pointed" opinion:
> I'm afraid that's not going to happen. It was a mistake to ship with all plugins built by default. This will be painful for a year as users annoyingly do not read the NEWS files they should be reading but there's little that can be done about that.
> It is our responsibility to our users to provide them the most secure option possible as the default. All of these features are superfluous and do not really belong in a local password database manager, these developments are all utterly misguided.
> Users who need this crap can install the crappy version but obviously this increases the risk of drive-by contributor attacks.
> I'm afraid that's not going to happen. It was a mistake to ship with all plugins built by default. This will be painful for a year as users annoyingly do not read the NEWS files they should be reading but there's little that can be done about that.
I deal with enough packages in my life that do massively breaking changes in point releases though, to be honest. This is reminding me of the good days that `apt upgrade` would uninstall the X-Server because nvidia fucked up their stuff.
Debian is kinda one of the places I expected to be better, and usually it is. (EDIT - And I guess the fact that this is causing a ruckus in testing is an indication of that. Let's see how it develops.)
You don't have to proactively read it. But when you notice your keepassxc doesn't work as it used to before, that should be a trigger for you to go back and read it, note that it tells you very clearly that the functionality you're missing is now in keepassxc-full, apt-install it, and go on with your life.
You're talking as if it's a point release of Debian. It is not. It happened in sid/testing, that's what these releases are for.
Whether it happened in a point or major release of Keepassxc is irrelevant, because ignorant users who upgrade their sid/testing installations blindly as if it was stable-security would have hit it eventually.
I laughed when I saw this. I once tried to be a hit and run contributor to a project he maintains and I found him to be rude. He is still at it, it seems.
That is an absolutely mental stance - effectively asserting that he knows better than both the developers and users of a piece of software what features it should have! Promote this man to the Debian technical committee immediately, he's perfect.
They removed other non-networking features too. E.g. even autotype was removed. At that point why not just store your passwords in an encrypted notes app?
I use KeePassXC, but not any network features or autotyping, because I like the password generation and because the interface is nice. I previously used Vim's old encryption feature (since removed I think?) and I think KeePassXC as I use it is a good upgrade from that.
https://www.githubstatus.com/