by deeter72 2175 days ago
For me personally because the author of KeePass is a stubborn person who is hellbent on not using a VCS. I see no reason why one would not use a VCS in 2020. From a security point of view this is a massive violation of trust due to the fact that a criminal entity could hypothetically sneak into the computer of the author of KeePass and modify a cpp file to link to malware, and the author will have no idea of it when he compiles and distributes it. He would have unknowingly distributed malware, which due to the context of the application can cause massive damage.

I do know that I can compile myself, but still I cannot audit every single release. This can be mitigated by myself using git and extracting tar files on every release. But this should not be this difficult.

KeePassXC on the other hand is more practical and works on all platforms consistently and is easy to compile with cmake and has convenient cmake switches to disable network connectivity.
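
Added example, not part of the comment above and not code from either project: one way to see what changed between two source releases that ship without VCS history. It compares per-file SHA-256 digests of two tarballs in memory rather than importing them into git; the tarball contents, file names and function names are constructed for illustration.

```python
import hashlib
import io
import tarfile


def manifest(tar_bytes, strip_components=1):
    """Map each regular file's path (top-level dir stripped) to its SHA-256."""
    result = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # skip dirs, links, devices; nothing is written to disk
            parts = member.name.split("/")[strip_components:]
            if not parts:
                continue
            data = tar.extractfile(member).read()
            result["/".join(parts)] = hashlib.sha256(data).hexdigest()
    return result


def diff_releases(old_tar, new_tar):
    """Return the paths added, removed and changed between two releases."""
    old, new = manifest(old_tar), manifest(new_tar)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }


def make_release(top_dir, files):
    """Build a constructed in-memory .tar.gz so the example runs offline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(f"{top_dir}/{path}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample releases (hypothetical contents, not real project sources).
OLD = make_release("app-1.0", {"src/main.cpp": b"int main(){return 0;}\n", "README": b"v1\n"})
NEW = make_release("app-1.1", {"src/main.cpp": b"int main(){return 1;}\n", "README": b"v1\n",
                               "src/net.cpp": b"// new file\n"})

if __name__ == "__main__":
    for kind, paths in diff_releases(OLD, NEW).items():
        print(kind, paths)
```

The output narrows review to the files that actually differ between releases; it does not say whether a change is benign.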