Dear all,
On 12/08/16 12:08, Matthias Kirschner wrote:
- David VANTYGHEM david.vantyghem@free.fr [2016-08-11 22:34:35 +0200]:
About https://joinup.ec.europa.eu/community/eu-fossa/news/ec-audit-apache-http-ser...
Why choose KeePass and not KeePassX? KeePass is using the .NET Framework. If you find security holes in .NET, it will be impossible to remove them. KeePass is not really multi-platform. KeePassX is really multi-platform and proprietary-software independent. https://www.keepassx.org
I'll try to find out. I assume because KeePass is used in the Commission.
Regards, Matthias
I work as an assistant to MEP Julia Reda in the European Parliament who proposed the pilot project in 2014 following the Heartbleed discoveries. I am following the FOSSA project for our office. The FOSSA project is overseen by a team in the Commission and realised by their contractor, everis.
From what can be found on the projects' websites, KeePass is developed in two branches; the developer calls them the "Classic" (1.x) and "Professional" (2.x) editions. Only the latter is developed in .NET/Mono. KeePassX is a fork of the "Classic" branch.
As far as I have been told, neither of them is widely used within the European institutions; however, there apparently are some KeePass users. A password manager is something that users in the EC seem to wish for, and I imagine the same goes for users in other institutions.
From what I understood, the audit will be looking at the classic variant, hence potentially discovering issues that could as well go for KeePassX. The team recently asked for contributions on their web site: https://joinup.ec.europa.eu/community/eu-fossa/news/eu-fossa-keepass-code-review-call-contribution
I hope that helps. Should you have any questions, please Cc my work address sebastian.raible@europarl.europa.eu to be sure I don't miss them.
Best, Sebastian