Is KeePass Touch a fork of this project? #606
Comments
|
Consider KeePass Touch an unmaintained unauthorized fork but mainly a dead end. Once upon a time there was a company that had published both KeePass Touch and KeePass Desktop. KeePass Touch did look a lot like MiniKeePass and KeePass Desktop reminded me of my own tool MacPass. After some investigation and clarification of GPL licence violations (with MacPass as well as MiniKeePass) they removed KeePass Desktop from the Mac App Store. The company vanished and the (only?) developer resurfaced as head of another company behind KeePassTouch. If you dig a bit you can find out who he is and might get in contact with him personally. They did send me source code on request for both KeePass Desktop as well as KeePass Touch but my impression was that the software was merely re-released but not maintained. |
|
Thanks very much for you answer. That's very interesting. It confirms my suspicion that the developer is violating the GPL. It seems that KeePass Touch is slightly more popular with users than MiniKeePass, because the developer added quite a few sync options (Dropbox, Google Drive, OneDrive, FTP, ...) And then he added advertisements + an IAP for ad removal and called it a day without ever releasing the source code. I definitely wouldn't be trusting my master password and password database to such an untrustworthy person and I'm concerned about other people that do. |
|
Keepass Touch is developed by this chap in Germany. |
|
Thanks, I saw that website already. However, the company only seems to have one product (KeePass Touch) and the rest of their activity is freelancing on App-Entwickler-Verzeichnis, I assume. Nowhere do they offer the source code for download (as they should, because they forked the GPL-licensed MiniKeePass) I even tried to use the contact form on that website to ask for the source code, but I haven't received a response. |
|
@jsanglier The developer seems to be earning his living by working at another company so KeePassTouch might not get any attention. @JannesMeyer The source code does not need to be openly available. GPL just states that if you obtained a legal copy of GPL licensed software you have the right to get the source code for that software. If you get a copy of the source via an email request this is perfectly fine. |
|
I sent an email on the 27th of March requesting the open source code. I haven't heard back yet. I guess the guy could be on holiday or he might not be paying any attention to KeePass Touch, like you say. But strictly speaking he should still make the source code available on request as long as he's distributing binaries on the App Store. |
|
You are right. You have the right to get the source code as this is GPL software. But I would not bet on you getting it anytime soon since the developers seems to be working for another company as head of iOS development so my guess is he's not even paying attention to anything related to KeePass Touch. This then should be reported as a violation of the GPL license. |
|
Reporting a violation should be the last resort though. I would try to get in contact with the guy via another form of communication and ask for the code. If you aren't able to reach him via any means then a violation report should be pursued. I can try to find others ways to contact him if you like since I corresponded with him but I am not making this information public. |
|
Sure, please go ahead and try to contact him. I have tried kptouch@innervate.de and the contact form on innervate.de to no avail. I would greatly appreciate it. One of my criteria for using a password manager is that it's open source, because it's a lot of trust you're placing in someone's hands when you basically hand over hundreds of passwords to the author of the software. |
|
KeePass Touch just released an update yesterday supporting KDBX 4 - i.e, I can now use it and KeePassXC on my Mac with the same file. Seems it is now one step ahead of MiniKeePass. |
|
Looking forward to support for KDBX 4/ Argon 2. On another somewhat unrelated note when MiniKeePass does support the above and change the Key Derivation Function and Transform Rounds does a database need to be resaved (saved as) for the changes to take effect? |
|
They replied to my email so I uploaded the code they attached: |
|
@Jellyfrog would you mind to cherry pick the differences from that repo and make a PR to integrate them in this repository? |
|
I'm using KeePass Touch on iOS (its source code should be here on GitHub since months...and I'd like to know if somebody better than me to analyze codes, can see any possible security flaw. Asking mostly to @mstarke that already helped me with an issue with his app. |
|
Also note that "KeePass Touch" is abusing the name "KeePass" according to its author. From https://keepass.info/download.html:
Similarly: "KeePassTouch" (all together) would be ok, but "KeePass Touch" is not. |
Sorry if this is not an issue with MiniKeePass itself, but I couldn't find a more appropriate place to ask and I couldn't find the answer on Google neither.
Is "KeePass Touch" a fork of MiniKeePass? This is their US appstore listing: https://itunes.apple.com/us/app/keepass-touch/id966759076?mt=8
When looking at the user interface the two apps seem very similar, but the app developer (Innervate UG & Co. KG, a small startup/app development agency from Germany) doesn't mention anywhere that the app is based specifically on MiniKeePass. In the help section of the app they only mention that the source code is available by emailing them. But they don't even mention under which license they would be providing the source code:
I sent an email to the aforementioned address 2 weeks ago but still haven't heard back.
I'm wondering if you're aware of this and if you have any more information? Has anyone else tried emailing them?
The text was updated successfully, but these errors were encountered: