What about all its dependencies? What if someone made some unsuspicious changes in a UI library that it uses that have a side effect on the security of KeepassX?
But that's the same argument that I was making about KeepassX itself before. So if I'm trusting the dependencies to be watched well enough not to be compromised, why then look into KeepassX itself? Wouldn't that apply to the app itself as well?
Because KeepassX is way less used (and its source code less checked) than ... Qt, for example, so rogue functions added into KeepassX will have less visibility than one added into zlib.