@7c6f434c
I already gave the link of PR and the discussion is easy to follow.
Secondly, I have lready discusses on the iusse tracker how I don’t think that it’s appropriate to defer to someone else and the arguments need to be made from first principles. For all know you, someone made a PR in upstream, there were objections , and ultimately it was self merged because the PR submitter had no respect for the process. Even otherwise, how do we know it was a security minded invidiual and not a popularity minded individual?
@talyz I did not reply to your last post because it was clear you have no clue what you are talking about. (As you yourself explicitly admitted- you have neither the knowlege of code nor you are confident of it, you mentioned that upstream understands security better than “us”). That said, for your information in future, just because there is a term “browser” in therr doesn’t mean it’s insecure. There is a proper channel over which text request for password entry is sent and received (hopefully in a fix sizes buffer), all the db handling is on keepass side. Contrast this with binary resource parsing which is huge and filled with landmines. (Not that I would ever recommend browser integration to anybody)
This discussion further emphasises why this PR is rubbish- every tom dick and harry knows the risk associated with repeating passwords or using low entropy passwords (at least a nix using TDH), few know how dangerous it can be to try to parse binary resources (and thus an extra button still puts people at risk)
I have already argued against your HIBP point over on GitHub, and bringing HIBP afterwards (when interestingly your original PR had no mention) further shows you’re being facetious.
@zimbatm
My objection to PR code was on GitHub, my objection here is the absolute mockery of process.
I appreciate your point of view, this is volunteer work and contributions need to be respected,believe me I know i hate nitpicks in PR. I have myself mentioned that there should be lower standards for volunteer contributions.
But one needs to draw a line somewhere and take ownership about what is sensitive code.
There is a very simple way forward here, maintain the status quo. The feature adds bare minimal but has major security implications. Being extremely paranoid with password managers is absolutely the single narrow rational path.
As for whether it’s right to expect commiters to be expert on everything- I agree that deferring to upstream a very logical way, ONLY as long as there are no first principle objections (and I already raised them).