I have a client thinking about using KeePass, but he has a mixed PC and Mac environment. He brought up a concern about the "unofficial" nature of the Mac OS X client and wondered how well these packages are scrutinized by KeePass developers. They recently had their envionrment compromised so are a little wary about the possibility of someone getting a hold of all of their passwords and wanted to make sure there was some kind of quality control on the unofficial packages to make sure they are secure.
All unofficial clients have different quality levels. Some have major drawbacks in file handling or security that come with the nature of their environment. The only thing you can do is check the source code and look at the community. There is no "certified" badge a port can obtain and my guess is there never will be. What I would do in your place is keep away from closed source distributions. You never know what they might or might not do.
Those security concerns are why I stopped using KeePassX for Mac. In another post I wrote about how I used the "original source" version of KeePass.
Log in to post a comment.