Think about it, do you really want to have X11 going forward the next decades?

If the alternative is a new system that literally does nothing? Sure!

Want to present a menu for windows? Wayland: "lol, do it yourself".

Want to position a window? Wayland: "lol, do it yourself".

Want to remember that a window has a position? Wayland: "lol, do it yourself".

Want to add a global keyboard shortcut? Wayland: "AAAAHAHAHAHAHAHAHHAHAHAHAHAHAHA!"

X11 may be old and whatever you want, but it works and it's battle-tested. Wayland can't even launch a full desktop session in my machine, which is even less than the failure Pulseaudio was back in its day and that's saying something. And even if it did somehow launch, I probably would not be able to use anything serious like a media player or multiple workspaces on it.

February this year, and the iGPU of my machine (Intel 915 driver).

I mean yes, how exactly would you want the web to work?

Text and images and hyperlinks; maybe audio and video if you're lucky and you can prove you can be trusted. No such thing as scripting, or if it's allowed, only in a limited manner with no such thing as "eval" and obfuscation and no ability to add or delete nodes from the DOM (or if it's allowed, those nodes must reflect under View Source / CTRL+U). No such things as loading a javascript audioplayer that tries to mix 123456 weird sources, just link me the .m3u direct to the audio stream's .mp3 file, or even better an .opus.

Definitively no DRM.

If any such thing as GPU access is provided it should be to deposit data, not to run code.

It's not dead there either, although I'd make the argument that X11 as a project is "mature" or "finalized", it doesn't really need hyperactive development like the tiktok children are used to.

(There are very good arguments that a new software stack was needed, but I'd expect the result to at least do something; ATM Wayland is little more than literally a "everyone else do my work for me" project)

I ask for some method that prevents the file to even be copied through a disk clone

Oh that's quite simple! Just don't have the files on the first disk in the first place. Make them a remote mount from a server, for example via sshfs, webdav, etc. Heck, even ftp if it comes down to it. That way, even though you can clone the disks, you can not get to the files if you don't also have the full authentication requirements for the remote server (such as a password).

At a conceptual level, you can't do anything via root to prevent someone who clones the disk from... well, cloning the disk. Having physical access to a disk is a much higher level of access than even root, so if what you are looking for is for your content to not be cloned, you need to fortify physical access to the device.

alias run0=sudo

(not really; I'd rather not introduce an alias or any sort of symbolic behaviour that would teach me to expect that systemd crap is available on a system. The less you rely on it, the better)

lol, Wayland can't even start a desktop session on my machine, whereas X11 has worked without issues since 2009 (the last time I ever had to edit xorg.conf).

Sure sounds like X11 is the one who's "dead" around here!

To be fair, the fact that browsers are allowed to do so much that this warning has to be shown is more an indictment on the current state of browsers (which at this point are almost like installing VMWare and a virtual machine on your computer!) than on something something Firefox or something something Flatpak.

Mis felicitaciones a Argentina por ser el tercer (o cuarto, depende de cómo lo cuenten) gobierno neofascista de América este siglo.

Al menos es una cosa en la que nos pueden ganar a Chile, no como la Copa América.

Oh great now we'll have DRM in Mesa. Linux is turning into Windows! /s

And no, it wasn’t just the favicons feature that was removed (which like … is that really such a big privacy issue that you need to remove it from the binary?)

Fetching a favicon means raising a network connection with a predictable endpoint. That's already three concerns (four on the modern internet) to handle security-wise, and it's absolutely an unneeded feature. Favicons could just be shipped on something like keepassxc-data or keepassxc-contrib to handle locally, no need to raise a network call.

Storm in a teacup, as tends to be the norm on the internet.

Not only this is nothing new and nothing unexpected to happen in Sid of all places, but it's also something that helps bring keepassxc more in line with packaging guidelines on Debian. They already have lots of packages, both of the mutually-exclusive kind and of the complementary kind, with "foo-full", "foo-minimal", "foo-data" etc naming. p7zip and nginx of all things are quite interesting examples.

Plus, the author of the post sensationalizes the title to brigade the issue.

All that said:

• If the maintainer wishes to do this, "only" having two packages is a half-assed measure and that causes more issues in the long term. I'd expect three packages: keepassxc-minimal, keepassxc-full and the retained name keepassxc as a virtual package name.
• Furthermore, a direct upgrade path should go from (previous) keepassxc to (proposed) keepassxc-full.
• I don't know enough of KeePassXC to know if something like keepassxc-data would be needed. Are there potential cases where one would want to switch between "-full" and "-minimal" or viceversa without the system seeing a software uninstallation in the meantime?
• The "crap" rationale is definitively something we all can do without, but given how people tend to brigade developers who try to do things, I can completely understand and support raising shields and looking defensive because some damage is already going to be done.
• Most responses are right in that the right place to discuss this is in the opened Debian bug report. The entire point is to see Debian (not KeepassXC) handle this before things get to Next Stable.