Sebastian Raible sebastian at
Tue Aug 23 09:48:51 UTC 2016

Dear all,

On 12/08/16 12:08, Matthias Kirschner wrote:
> * David VANTYGHEM <david.vantyghem at> [2016-08-11 22:34:35 +0200]:
>> About
>> Why choosing KeePass and not KeePassX ? KeePass is using the .NET Framework.
>> If you find security holes in .NET, it will be impossible to remove them.
>> KeePass is not really multi-platform. KeePassX is really multi-Plateform and
>> proprietary software independant.
> I'll try to find out. I assume because Keepass is used in the
> Commission.
> Regards,
> Matthias

I work as an assistant to MEP Julia Reda in the European Parliament who
proposed the pilot project in 2014 following the Heartbleed discoveries.
I am following the FOSSA project for our office. The FOSSA project is
overseen by a team in the Commission and realised by their contractor,

From what can be found on the projects' websites, KeePass is developed
in two branches, the developer calls them the "Classic" (1.x) and
"Professional" (2.x) editions, only the latter is developed in
.NET/Mono. KeePassX is a fork of the "Classic" branch.

As far as I have been told, neither of them is widely used within the
European institutions, however there apparently are some KeePass users.
A password manager is something that users in the EC seem to wish for,
and I imagine the same goes for users in other institutions.

From what I understood, the audit will be looking at the classic
variant, hence potentially discovering issues that could as well go for
KeePassX. The team recently asked for contributions on their web site:

I hope that helps. Should you have any questions, please Cc my work
address <sebastian.raible at> to be sure I don't miss them.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Discussion mailing list