Bug#405896: ITP: keepassx -- light-weight and easy-to-use password manager



Moritz Muehlenhoff <jmm@inutil.org> writes:

>> The complete database is always encrypted either with AES (alias
>> Rijndael) or Twofish encryption algorithm using a 256 bit key. Therefore
>> the saved information can be considered as quite safe. KeePassX uses a
>                                              ^^^^^^^^^^
> Ummm.
>
> Apart from that, just because it uses strong ciphers it doesn't mean it's
> secure. It appears to only have a single author and to be very fresh and I
> don't think it has received real review so far. Until it has matured more
> I wouldn't upload this to unstable, as every flaw will expose all the
> passwords and passphrases of a user.

Err, while I agree that the description should make false or misleading
statements (I will take that part out), I'm a bit confused about your
statement to not upload it to unstable. I mean, in a truly security
sensitive environment, every security sensitive tool should be audited
anyway. I'd still like to upload it to unstable, so that it gets wider
testing. If someone notices security issues, the package will get an RC
bug, and if there is no quick fix, it may be removed from testing. But
why are you saying that it mustn't enter unstable? Did you perhaps
already audit keepassx or gain any experience while using it?

I think your concerns apply to the dozen other password managers we
already ship in etch as well.

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
