I want this but as a Linux distribution.

@draNgNon @itamarst

"I thought KeePassXC required human reviews / unit tests in order to mitigate any llm harms. Did that change?"

I literally don't give a shit. If you think it's OK to generate computer source code from a neural network, I don't trust yr judgement enough to trust your code reviews.

"More broadly, I don't really see how you can prove no LLMs were involved in code contributions if they are actually contributed by a human."

Same way you enforce any policy against stolen code

@mcc @luana @xarvos that is indeed the problem

@mcc @elfin

Can you be more specific? I wasn't under the impression that KeePassXC runs on phones.

@csolisr i'm told elsewhere in thread that vaultwarden has not accepted AI code, but vaultwarden replaces the *server*, not the client, right?

@argv_minus_one @elfin I do not use keepassxc

EDIT: checking google there *is* a "Keepass2Android", one assumes forked from the original keepass

@ariadne @mcc @xarvos that would be the pretty way. Another pretty way would be having nixpkgs maintainers add that info.

I said it was an awful way that would require full system building for a reason, I imagine it’s possible to override the default check phase or even the fetchers to check the downloaded src for .copilot and alike and fail if present.

@maaneeack @mcc StrongBox has been sold to a company with maybe iffy success with the products they have acquired. I had first hand experience with their mess-up of the Mac utility Bartender, which I bailed on after their version.

@WideEyedCurious
If you're ok with local storage and local replication rather than "cloudy", there's pwsafe. You could keep the db in some less local storage, I guess.
https://www.pwsafe.org/index.shtml

@mcc @argv_minus_one @elfin I use https://www.keepassdx.com/ on android, and sync the file over with Syncthing.

I don't THINK either of those projects use LLMs, but I haven't been machmir about poring over careful details when checking.

@greyduck @mcc From all that I have seen regarding The Original KeePass (authored by Dominik Reichl in C# for .NET/Mono) has made no mention of AI pollution. How Mono are handling AI I haven't looked at, but for .NET: Microsoft is as they are.

KeePassXC (maintained by the KeePassXC team in C++ using the QT toolkit) announced the use of AI and then clarified the scope later. KeePassXC is a separate project that uses the keepass vault format but it its own thing.

@mcc yikes

@chopsstephens @jcnotwit @mcc But there are forks of the pre-vibecoded XC now, no need to switch to a whole other program.

@mary @mcc There was an effort to do this called open-slopware, but the creator got harassed by LLM apologists into deleting it and leaving open-source. After that, people who had local forks put them up and began working on their own versions. I was dissatisfied with the layout of the previous version, so myself and a few other contributors to open-slopware created https://codeberg.org/ai-alternatives/llm-afflicted-software hoping to avoid the pitfalls of the previous repo. It's not perfect, but it is chugging along slowly.

@mary @mcc The major changes made were:

1. yaml instead of markdown so its machine-readable (I want to develop a tool chat checks your system for llm software).
2. Requiring signoffs and signing of commits to limit troll submissions through annoyance (LLM apologists were brigading open-slopware with genAI MRs and one got in)
3. More carefully vetting sources and reasons for submissions so only actually "bad" projects are added.

@frumble @jcnotwit @mcc that's good to know. I only recently switched to Linux and was using KeePass on Windows before that, so I just stuck with it when Mint gave me KeePass and KeePassXC as options.

@mcc@mastodon.social @argv_minus_one@mastodon.sdf.org @elfin@mstdn.social I've been using keepass2android for a long time, and have been quite happy with it. I haven't poked deeply at it to check for LLM use, but there's nothing obvious in the contributor's graph (a single unlinked copilot commit of 1+ 1-)