Package: qtpass Version: 1.3.2-3 Severity: serious I am flagging this as "serious" because it leads to data loss. Specifically, I already lost the history of my test passwords. Had I not noticed right away, I could have lost REAL passwords.
I have an existing ~/.password-store. It has git enabled. It is read and written to by pass(1). It is read by applications using python3-pypass. I installed qtpass, added a test password, and changed it two or three times. I was very surprised to see that no git commit logs appeared. It seems that by default, qtpass has Configuration > Settings [ ] Use git (off by default) Configuration > Programs (X) Native git/gpg (on by default) ( ) Use pass (off by default) If the user has no existing .password-store, this is a reasonable default. However, if .password-store is ALREADY using git, qtpass SHOULD use git by default. -- System Information: Debian Release: 11.0 APT prefers stable-updates APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'stable'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages qtpass depends on: ii gnupg 2.2.27-2 ii libc6 2.32-4 ii libgcc-s1 10.2.1-6 ii libqt5core5a 5.15.2+dfsg-9 ii libqt5gui5 5.15.2+dfsg-9 ii libqt5network5 5.15.2+dfsg-9 ii libqt5svg5 5.15.2-3 ii libqt5widgets5 5.15.2+dfsg-9 ii libstdc++6 10.2.1-6 Versions of packages qtpass recommends: ii pass 1.7.3-2 pn pass-extension-otp <none> pn pwgen <none> Versions of packages qtpass suggests: ii git 1:2.30.2-1 -- no debconf information