Think about it, do you really want to have X11 going forward the next decades?

If the alternative is a new system that literally does nothing? Sure!

Want to present a menu for windows? Wayland: “lol, do it yourself”.

Want to position a window? Wayland: “lol, do it yourself”.

Want to remember that a window has a position? Wayland: “lol, do it yourself”.

Want to add a global keyboard shortcut? Wayland: “AAAAHAHAHAHAHAHAHHAHAHAHAHAHAHA!”

X11 may be old and whatever you want, but it works and it’s battle-tested. Wayland can’t even launch a full desktop session in my machine, which is even less than the failure Pulseaudio was back in its day and that’s saying something. And even if it did somehow launch, I probably would not be able to use anything serious like a media player or multiple workspaces on it.

February this year, and the iGPU of my machine (Intel 915 driver).

I mean yes, how exactly would you want the web to work?

Text and images and hyperlinks; maybe audio and video if you’re lucky and you can prove you can be trusted. No such thing as scripting, or if it’s allowed, only in a limited manner with no such thing as “eval” and obfuscation and no ability to add or delete nodes from the DOM (or if it’s allowed, those nodes must reflect under View Source / CTRL+U). No such things as loading a javascript audioplayer that tries to mix 123456 weird sources, just link me the .m3u direct to the audio stream’s .mp3 file, or even better an .opus.

Definitively no DRM.

If any such thing as GPU access is provided it should be to deposit data, not to run code.

It’s not dead there either, although I’d make the argument that X11 as a project is “mature” or “finalized”, it doesn’t really need hyperactive development like the tiktok children are used to.

(There are very good arguments that a new software stack was needed, but I’d expect the result to at least do something; ATM Wayland is little more than literally a “everyone else do my work for me” project)

I ask for some method that prevents the file to even be copied through a disk clone

Oh that’s quite simple! Just don’t have the files on the first disk in the first place. Make them a remote mount from a server, for example via sshfs, webdav, etc. Heck, even ftp if it comes down to it. That way, even though you can clone the disks, you can not get to the files if you don’t also have the full authentication requirements for the remote server (such as a password).

At a conceptual level, you can’t do anything via root to prevent someone who clones the disk from… well, cloning the disk. Having physical access to a disk is a much higher level of access than even root, so if what you are looking for is for your content to not be cloned, you need to fortify physical access to the device.

alias run0=sudo

(not really; I’d rather not introduce an alias or any sort of symbolic behaviour that would teach me to expect that systemd crap is available on a system. The less you rely on it, the better)

lol, Wayland can’t even start a desktop session on my machine, whereas X11 has worked without issues since 2009 (the last time I ever had to edit xorg.conf).

Sure sounds like X11 is the one who’s “dead” around here!

To be fair, the fact that browsers are allowed to do so much that this warning has to be shown is more an indictment on the current state of browsers (which at this point are almost like installing VMWare and a virtual machine on your computer!) than on something something Firefox or something something Flatpak.

That’s how it starts. Mozilla itself is maybe not hindered on its mission, but the people who depend on them are: the extension was blocked, and there is no official way that I know of to add third-party extension repositories to Mozilla. And sure, the more important part of the problem is you cede just one bit, but the authoritarians won’t stop. They know now Mozilla will spread their legs so they’ll ask more and more, and Mozilla will for sure choose to bend over for them than to act for the people they were supposed to be fighting for.

Mozilla licked Russia’s boot for a week. And that’s only what we publicly know.

No matter for how short you taste shit, the shit stink stays – if anything, in your memory.

They should comply with local laws

To my knowledge Firefox / Mozilla does not have an office in Russia. And even if they had, the argument can be made that unlawful / authoritarian laws by any ethical perspective have to be fought against.

You can also search your bookmarks (and your history!) in the search bar.

And no, it wasn’t just the favicons feature that was removed (which like … is that really such a big privacy issue that you need to remove it from the binary?)

Fetching a favicon means raising a network connection with a predictable endpoint. That’s already three concerns (four on the modern internet) to handle security-wise, and it’s absolutely an unneeded feature. Favicons could just be shipped on something like keepassxc-data or keepassxc-contrib to handle locally, no need to raise a network call.

Storm in a teacup, as tends to be the norm on the internet.

Not only this is nothing new and nothing unexpected to happen in Sid of all places, but it’s also something that helps bring keepassxc more in line with packaging guidelines on Debian. They already have lots of packages, both of the mutually-exclusive kind and of the complementary kind, with “foo-full”, “foo-minimal”, “foo-data” etc naming. p7zip and nginx of all things are quite interesting examples.

Plus, the author of the post sensationalizes the title to brigade the issue.

All that said:

• If the maintainer wishes to do this, “only” having two packages is a half-assed measure and that causes more issues in the long term. I’d expect three packages: keepassxc-minimal, keepassxc-full and the retained name keepassxc as a virtual package name.
• Furthermore, a direct upgrade path should go from (previous) keepassxc to (proposed) keepassxc-full.
• I don’t know enough of KeePassXC to know if something like keepassxc-data would be needed. Are there potential cases where one would want to switch between “-full” and “-minimal” or viceversa without the system seeing a software uninstallation in the meantime?
• The “crap” rationale is definitively something we all can do without, but given how people tend to brigade developers who try to do things, I can completely understand and support raising shields and looking defensive because some damage is already going to be done.
• Most responses are right in that the right place to discuss this is in the opened Debian bug report. The entire point is to see Debian (not KeepassXC) handle this before things get to Next Stable.

Hmmm maybe that’s the one that tries to do everything on its own instead of using the stuff I’ve already set up. Had similar issues with eg.: Nextcloud.

I’ve been looking for an alternative “the actual XMPP service only, nothing else that can be sourced by the host” container setup but there doesn’t seem to be any.

You can, but honestly no idea how to handle stuff like the certs from that point on. Most other software on docker lets me eg.: just bind-mount the host’s directory with the certs I want to use - or just not even know about SSL in the first place and just let me reverse-proxy the access in (like, say, a simple static page web server).

But, like I said, the last times I tried to get into it, it tried its darnest to get in my way. If that’s changed since then, that’d be great.

While I like it conceptually, the two times I tried to install it I felt it was far too opinionated for me to get it to work correctly, like other software “bundles” of its kind that want to take control of the entire process of setting up ports, networking, storage, certificates etc…, instead of just hanging down from stuff that I have already prepared for it (like my own domain with my own cert).

Like, as a piece of software it’s something I’d absolutely use… if someone else sets everything up for me.

But keeping around X isn’t the solution - iterating on Wayland is. Adding protocols to different parts of the stack with proper permission models, moving different pieces of X to different parts of the stack, etc. are a long term viable strategy. Even if it is painful.

The problem is, that’s always used as an excuse to force people to be gratis beta testers. I’ve been around for the wrecks that were (and still are) Pulseaudio and Systemd. Wayland is even worse: it doesn’t even fully start a session in my machine. If as devs you want to “iterate”, sure, go ahead; but leave it in the dev branch; as a user, don’t try to sell me Wayland again until it’s actually over.

I don’t get the issue with “maintaining Xorg”. Like, I get that it has a “cost”, I just don’t understand why that cost would be an issue since it’s basically fixed, marginal cost (and has been since like 2015): the software is already mature, so it’s unlikely to see relevant changes, or even minor changes (if that’s what we want to mean with “dead”). That means, it can be affixed to a specific toolkit and environment to build (if this isn’t being done already - which any mature project like RedHat should be!) basically guaranteeing it’ll build forever. You can just set a virtual button or a yearly crontab to do it. Fixed, marginal cost.

Contrasted to that, what Wayland is doing is kinda a representation of the worst ways of capitalism: centralize the profits, socialize the costs and the externalities (redesign, recode, rebuild), and blame society (the Linux communities) for it, all for a variable cost that is unbounded in time and space because you never know what’s gonna cost a small project like a text editor to reimplement the entire desktop stack “just” for Wayland.

And this is why the trick is learning and focusing the technologies that stick at a “lower level” of the stack, and that have been battle-tested by years or even decades so it’s understood that they won’t just “go away”. Like eg.: learning C or Fortran instead of learning ${niche_language_of_year_20xx}. For the docker bracket for example the near equivalent would be hmmm I’d say (s)chroot.

Then again from here to around 5 years docker will the the schroot of its tech bracket.