Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Status of the project and new maintainers needed #221

Open
arnowelzel opened this issue Jun 17, 2023 · 12 comments
Open

Status of the project and new maintainers needed #221

arnowelzel opened this issue Jun 17, 2023 · 12 comments

Comments

@arnowelzel
Copy link
Collaborator

arnowelzel commented Jun 17, 2023

Well - bad news, but it's inevitable:

  1. The upstream project "KeeWeb" does not have a maintainer (see 👀 Looking for maintainer keeweb/keeweb#2022) and even over a year after nobody showed up to maintain that project.

  2. The Nextcloud integration needs a complete rewrite to fix certain issues and to be compatible with NC 27, since the autoloader does not work any longer and other things also changed in Nextcloud (/appinfo/app.php is deprecated, use \OCP\AppFramework\Bootstrap\IBootstrap on the application class instead. #205, Autoload path not allowed #219)

However I don't have the time to take care of either project as needed and personally I switched to another password manager and don't even use Keepass any longer on my own.

So as long as there is no one showing up willing to maintain that project including the upstream part I have to say that KeeWeb for Nextcloud will not exist any longer in the future and the version for Nextcloud 26 will be the last one for the time being - sorry!

Update 2023-06-19

Thanks to the help of @burned42 we managed to build an update for NC 27 which should at least work for some time.

Update 2023-12-09

It seems, Nextcloud 28 removed OCP\\AppFramework\\Http\\EmptyContentSecurityPolicy::allowInlineScript(). But without that, KeeWeb can not be used. However, https://docs.nextcloud.com/server/latest/developer_manual/app_publishing_maintenance/app_upgrade_guide/upgrade_to_28.html does not contain any hint what to use instead. I also don't have time to do a extensive research how to keep KeeWeb running without inline scripts.

Under these circumstances and given the fact that the upstream is also not maintained any longer (and this seems not to change) I have to finally declare this project "dead" if no one is able to fix this - sorry :-(

@arnowelzel arnowelzel pinned this issue Jun 17, 2023
@jhass
Copy link
Owner

jhass commented Jun 18, 2023

I second that this project as is has no real future. I'm glad to handover to someone who sees otherwise but will archive this in a couple of months otherwise.

@ann0see
Copy link

ann0see commented Jun 18, 2023

There's a new PR claiming to fix compatibility with the latest Nextcloud version.

@arnowelzel
Copy link
Collaborator Author

I merged the PR and will check if we can at least provide an update for NC 27. However the main issue remains: the upstream project is not maintained any longer and #205 also needs some attention. The latter one is not a breaking change (yet) in Nextcloud but will cause a lot of log entries if debug logging is enabled.

@arnowelzel
Copy link
Collaborator Author

I second that this project as is has no real future. I'm glad to handover to someone who sees otherwise but will archive this in a couple of months otherwise.

Since we managed to get an update done for NC 27 which also includes the new application structure and fixes #205 as well, it may make sense to keep it a bit longer as long as KeeWeb itself works. But otherwise I agree - without any active development of the upstream KeeWeb it will break at some point.

@JoshuaPettus
Copy link

Hey, just wanted to thank you guys for giving the app another gasp of life before it ceases to be.

@arnowelzel
Copy link
Collaborator Author

Thanks to @florian-forestier we have support for NC 28 now!

@goebbe
Copy link

goebbe commented Jan 18, 2024

There should be a big warning!

As much as I regret it, the upstream KeeWeb project is completely unmaintained since July 2021!
KeeWeb is not simply in maintenance mode, it is completely abandoned since.
Since KeeWeb relies itself on quite a few upstream packages and libraries and nobody is actively monitoring for security problems or updating packages there is a growing security risk. Even if security problems are fixed since 2021 in these libraries, these fixes are not integrated into KeeWeb and probably never will be.

Unfortunately nobody took up the development, since 2021, so I believe it is unlikely that KeeWeb will have any future.

Please consider to put a deprecation warning for the nextcloud-keeweb project.

@arnowelzel
Copy link
Collaborator Author

Please consider to put a deprecation warning for the nextcloud-keeweb project.

Yes, this would be a good idea for the time being.

@jhass Since you are the owner of the store entry - it may be a good idea to add a warning to the story entry similar to the one in https://apps.nextcloud.com/apps/documents:

💀 KeeWeb not actively maintained since 2021 and may contain security issues 💀 Please move to an actively maintained developed app like Passman or Passwords.

@jhass
Copy link
Owner

jhass commented Jan 18, 2024

As far as I understand the appstore description is pulled from https://github.com/jhass/nextcloud-keeweb/blob/master/keeweb/appinfo/info.xml#L7-L9 actually. Feel free to add any notice there, the next release should update the description.

@tilllt
Copy link

tilllt commented Apr 15, 2024

I don't know if something about the situation changed recently but I can see several commits to upstream Keeweb from the last weeks. So it doesn't seem unmaintained after all?

Does this mean that Keeweb-Nextcloud itself is unmaintained now, but not for the fault of an unmaintained upstream Keeweb, or could someone please clarify the situation?

@goebbe
Copy link

goebbe commented Apr 15, 2024

@tilllt The new developers seem to be quite active - but there are a lot of outdated dependencies and bugs to catch up with.
Since password managers store sensitive information, it is probably a good idea to follow the activities and let the new devs. built some trust. I keep my fingers crossed and hope the best for keeweb.

@arnowelzel
Copy link
Collaborator Author

@tilllt Keeweb-Nextlcoud is still maintained as far as possible. However since the upstream did not get any updates in the past, it was neccessary to let users know about the situation. Maybe we'll update the notices about that so people know, that the situation may change in the future. However, so far we have to wait.

Yes, I have seen the recent activity at https://github.com/keeweb/keeweb/commits/master/ as well. However, I'll wait until there is a new release which is proven to be trustworthy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants