KeePassXC Debian maintainer has removed all network features
What changed in Debian’s KeePassXC packaging
- Debian’s maintainer disabled the
WITH_XC_ALLbuild toggle in the mainkeepassxcpackage. - This removes all optional features at compile time, not just networking: browser integration, favicon download, SSH agent, YubiKey support, auto‑type, freedesktop secret service, KeeShare, etc.
- A separate
keepassxc-fullpackage is provided with all features enabled. - Upstream clarifies these are built‑in features, disabled by default at runtime, not a plugin system.
Security vs. usability
- Pro‑change view:
- Password managers should be “as offline as possible” by default; network and integration features increase attack surface.
- Removing remote‑facing code (HTTP, image parsing, browser hooks) makes remote exploitation much harder.
- Advanced users who want convenience can explicitly install
keepassxc-full.
- Anti‑change view:
- Browser integration is seen as a core security feature: it checks URLs before filling, reducing phishing, and avoids clipboard leaks.
- Auto‑type/YubiKey support are central workflows; disabling them can lock users out or push them to weaker practices.
- Security must consider real user behavior; extra friction can reduce overall security.
Breaking existing users and naming concerns
- Many argue the change silently breaks workflows on upgrade (especially YubiKey‑protected DBs and browser workflows).
- Debate over whether showing a NEWS entry during
apt upgradeis adequate notice; some say people rarely read it. - Suggested alternative: keep current featureful build as
keepassxcand introducekeepassxc-minimalor-nonet, or use transitional packages so existing users are migrated to-full. - Others defend Debian’s pattern of minimal default plus feature variants (
vim-nox,emacs-nox, etc.), and think naming is acceptable.
Upstream vs. distro maintainers
- Upstream developers strongly object; they say the stripped‑down build is rarely tested and not how they intend the software to be shipped.
- Some argue distro maintainers are right to exercise judgment and use any upstream build option; others say shipping a heavily modified variant under the same name misleads users and burdens upstream with spurious bug reports.
- There is broader debate about:
- Whether Debian is too opinionated and prone to invasive changes.
- How much maintainers “owe” users and upstream versus having full freedom under FOSS licenses.
- Whether upstream should respond with stronger branding/trademark controls or their own repositories.
Tone and optics
- Several commenters criticize the maintainer’s public language about upstream features as dismissive, escalating community tension.
- Others see the strong stance as consistent with a “security‑first” distro philosophy, even if the rollout is painful.