| Perhaps, and that's not unreasonable in and of itself. But to do so in such a user-hostile manner? That's a bit over the top. A new minimal package, advertising it, and only then eventually making it the default would have been far, far more effective. If an engineer of mine pulled this on our user-base I'd have them reverting it in a heartbeat regardless of the technical merit. They already failed just in how they executed this and have burned good will, the technical merits no longer matter. Once you've lost the faith and trust of the user, it's over. The original request[0] was more or less simply a user asking for the networking to be removed, and follow-up to just have a -nonetwork variation. Instead, we have comments from the debian maintainer: The OP report:
> Users who need this crap can install the crappy version but obviously this increases the risk of drive-by contributor attacks. The debian package description[1]:
> See keepassxc-full if you absolutely need those. The PR[2]
> Feature creep like SSH agent support, browser integration, Freedesktop.org secret storage, KeeShare pose undue risks for most users. Each one of these sends a message. And it was entirely avoidable with a bit of grace and kindness to the existing userbase. [0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953529 [1]: https://packages.debian.org/sid/keepassxc [2]: https://salsa.debian.org/debian/keepassxc/-/commit/7d6d16e3f... |