An Engadget story has the following to say about KeePass2 and developer Dominik Reichl:
> Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.
(Score: 0, Disagree) by Anonymous Coward on Monday June 06 2016, @02:44PM
Do you pay for it, or is it free? If it is free, you get what you pay for.
(Score: 0) by Anonymous Coward on Monday June 06 2016, @03:02PM
KeePass [keepass.info] is a free (GPL2) and open-source password manager for Microsoft Windows.
(Score: 0) by Anonymous Coward on Monday June 06 2016, @03:08PM
So it's basically like lunix.
(Score: 2) by Nerdfest on Monday June 06 2016, @03:47PM
I've found that in the software world lately it actually works very much the opposite.
(Score: 3, Touché) by DannyB on Monday June 06 2016, @04:15PM
> If it is free, you get what you pay for.
But do I get what I expect based on the reputation of the software?
If people have a certain expectation of a free security-related program, and something compromises what you expect, then there is nothing wrong with spreading the word far and wide. And also nothing wrong with complaining about it.
Can something not be complained about just because it is free? The complaints can be useful guidance and feedback. But the producer of the software has no obligation to do anything for a free software product, or its reputation. (See: SourceForge, previous owners. Also see an earlier fiasco about the NoScript extension for Mozilla regarding ads: the author was willing to destroy his credibility and trust over advertising.)
And, if the free product does not do what one wants, and won't be fixed, one is free to look elsewhere, or develop their own. I suspect that the author of KeePass genuinely intends and intended to build something that solves a widespread need.
Young people won't believe you if you say you used to get Netflix by US Postal Mail.
(Score: 2) by Wootery on Wednesday June 08 2016, @10:47AM
> Can something not be complained about just because it is free?
Yes. Obviously. To 'complain' is simply to assert that something isn't fit for purpose. Revenue is irrelevant.
> the producer of the software has no obligation to do anything for a free software product, or its reputation
Sure. No different from closed-source payware. It's not about 'obligation' (whatever that means), it's about good software.
(Score: 0) by Anonymous Coward on Monday June 06 2016, @05:43PM
Windows 10 invalidates your claim.