KeePassXC Debian maintainer has removed all network features

What changed in Debian’s KeePassXC packaging

  • Debian’s maintainer disabled the WITH_XC_ALL build toggle in the main keepassxc package.
  • This removes all optional features at compile time, not just networking: browser integration, favicon download, SSH agent, YubiKey support, auto‑type, freedesktop secret service, KeeShare, etc.
  • A separate keepassxc-full package is provided with all features enabled.
  • Upstream clarifies these are built‑in features, disabled by default at runtime, not a plugin system.

Security vs. usability

  • Pro‑change view:
    • Password managers should be “as offline as possible” by default; network and integration features increase attack surface.
    • Removing remote‑facing code (HTTP, image parsing, browser hooks) makes remote exploitation much harder.
    • Advanced users who want convenience can explicitly install keepassxc-full.
  • Anti‑change view:
    • Browser integration is seen as a core security feature: it checks URLs before filling, reducing phishing, and avoids clipboard leaks.
    • Auto‑type/YubiKey support are central workflows; disabling them can lock users out or push them to weaker practices.
    • Security must consider real user behavior; extra friction can reduce overall security.

Breaking existing users and naming concerns

  • Many argue the change silently breaks workflows on upgrade (especially YubiKey‑protected DBs and browser workflows).
  • Debate over whether showing a NEWS entry during apt upgrade is adequate notice; some say people rarely read it.
  • Suggested alternative: keep current featureful build as keepassxc and introduce keepassxc-minimal or -nonet, or use transitional packages so existing users are migrated to -full.
  • Others defend Debian’s pattern of minimal default plus feature variants (vim-nox, emacs-nox, etc.), and think naming is acceptable.

Upstream vs. distro maintainers

  • Upstream developers strongly object; they say the stripped‑down build is rarely tested and not how they intend the software to be shipped.
  • Some argue distro maintainers are right to exercise judgment and use any upstream build option; others say shipping a heavily modified variant under the same name misleads users and burdens upstream with spurious bug reports.
  • There is broader debate about:
    • Whether Debian is too opinionated and prone to invasive changes.
    • How much maintainers “owe” users and upstream versus having full freedom under FOSS licenses.
    • Whether upstream should respond with stronger branding/trademark controls or their own repositories.

Tone and optics

  • Several commenters criticize the maintainer’s public language about upstream features as dismissive, escalating community tension.
  • Others see the strong stance as consistent with a “security‑first” distro philosophy, even if the rollout is painful.