Hacker News new | past | comments | ask | show | jobs | submit login

Thanks, I saw that but was hoping people would not actually bother - that's deep into 'tinfoil-hat' territory. If you are already running a Linux distro and trusting the repos for OS updates, it isn't a big stretch to assume their build of the password manager is exactly as safe as the OS updates, and trusting one but not the other is pure folly.



KeypassX 2.0 was in alpha for years (though I never noticed a bug). I don't think it was available in distribution packages until quite recently.

That being said, I'm decent with C++, and yet auditing its code is a little daunting.


This is also exactly my intuition here, but I'm hoping for others to comment here as well.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: