[PaulKeeble]

I am now on the hunt for a non vibe coded alternative. I stopped open sourcing code after all my open code's licenses were broken by Microsoft and everyone else commercialising it. Which I guess is part of the point of why they did it and have put serious money to defending themselves in court against anyone that dare challenge it. Suffice to say I don't want anything to do with projects that participated in that theft and re-commercialisation of open source code.

Does not look like the original Keepass project is doing this which is the easiest migration away but I will check a bit deeper on their commits to be sure.

[AlexErrant]

The original Keepass project has 11 CVEs. XC has 3, and has disputed all of them with e.g. "the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs", etc.

[droidmonkey]

Additionally, the original KeePass project has no public development or public review process for their code. They do everything behind the scenes and only publish code when a release is made. KeePass is "code available" open source.