diff of original plugin to what is found in debian-sid [question]
Closed this issue · 7 comments
I wonder why the package that can be found in debian-sid is so much different to the upstream package. There is some good stuff like de-minifying keepassxc-browser/background/nacl.js but other files like keepassxc-browser.js are in a totally different place and much of the content change. I have not much experience developing JavaDcript or building packages for it. That is why I would like to have an opinion of the original developers and the community in general about the debian fork (https://salsa.debian.org/fuddl/keepassxc-browser). And what can be found a package in debian/sid (http://ftp.debian.org/debian/pool/main/k/keepassxc-browser/).
We have nothing to do with that offering. Always get our extension from the browser extension store (Mozilla, Chrome, or Edge).
@droidmonkey ok sure, but you are aware that Debian is distribution that is used in many places. And that it would be good to care a bit more as people actually use it. Imo it is important that people look from time to time into thinks like this to ensure that distributions can be trusted. And who would be better suited than a developer of the package. So please take some time and give some feedback on this. And if you say it differs so much that it is horrible to review or find differences it would already help. Because by just closing the the ticket you ensure that things stay as they are, and if there should be a problem in the future it will fall back to you as well.
@ObiWahn Why are you linking a diff from your branches version 1.3.2 against our 1.8.12? That's the version provided in Debian Sid?
You may not be aware, but package managers are solely responsible for the offerings within their package repositories. This includes the KeePassXC application itself. It is certainly odd that Debian is offering the extension as a package, but we aren't the police of everything out there. We offer official downloads for all our offerings, and our responsibility generally ends there.
Now, if there is a proven security risk, we will support any take down efforts lobbed against the problem. We did that for a copy cat deployment within the Microsoft Store.
I recommend opening an issue with the Debian package maintainers and have them answer for their own work.
@varjolintu this is what can be found in my /usr/share/webext/keepassxc-browser/ after installing the package from the sid mirror.
@varjolintu this is what can be found in my
/usr/share/webext/keepassxc-browser/after installing the package from the sid mirror.
That version (released in Jan 11, 2019) is surely not compatible with the current KeePassXC. As droidmonkey said, Debian package maintainers should be contacted for the updated package.
I when committing I have done a mistake. There is almost no change and the Debian package is mostly equal except for un-minified and deleted files. I am sorry for wasting your time.
» git diff --stat --diff-filter=dr keepass/release/1.8.x
keepassxc-browser/background/browserAction.js | 0
keepassxc-browser/background/event.js | 0
keepassxc-browser/background/httpauth.js | 0
keepassxc-browser/background/keepass.js | 0
keepassxc-browser/background/nacl-util.js | 81 ++
keepassxc-browser/background/nacl.js | 1178 ++++++++++++++++++++++
keepassxc-browser/background/page.js | 0
keepassxc-browser/bootstrap/bootstrap.css | 9456 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
keepassxc-browser/bootstrap/bootstrap.js | 4836 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
keepassxc-browser/common/browser-polyfill.js | 1269 +++++++++++++++++++++++
keepassxc-browser/common/global.js | 0
keepassxc-browser/content/keepassxc-browser.js | 0
keepassxc-browser/fonts/fork-awesome.css | 2733 ++++++++++++++++++++++++++++++++++++++++++++++++++
keepassxc-browser/fonts/forkawesome-webfont.woff2 | Bin 91624 -> 110116 bytes
keepassxc-browser/manifest.json | 11 +-
keepassxc-browser/options/options.html | 8 +-
keepassxc-browser/options/shortcuts.html | 8 +-
keepassxc-browser/popups/popup.html | 8 +-
keepassxc-browser/popups/popup_httpauth.html | 8 +-
keepassxc-browser/popups/popup_login.html | 8 +-
20 files changed, 19579 insertions(+), 25 deletions(-)