Here are my random observations and views about KeePass 2 on a Mac, and the project future:
First, some notes about the KeePass 2 on Mac that I tested today (20090317):
* Don't take my word for it, see it yourself: An step-by-step guide
how to get KeePass Portable (works for version 2.07 too) running on the latest Mono release.
- In order to run KeePass 2 on Mac, you need to download and install the Mono Framework, which is quite big (download size ~100MB, install size ~300MB). This of course is not a problem if there is a lot of programs using the same framework (think Java) so eventually it may become a standard component everywhere.
- Mono for Mac OS X
download page lists that Gtk# and System.Windows.Forms (essential GUI libraries) require X11 currently as a dependency, so the Mono's graphical system will not work without it.
I don't know if this is a problem, because quite a few programs use X11 on Mac, so by default it's usually installed (I'm not sure if it's even part of the default OS X install, someone can educate me on this).
However, they say that "We do not use X11 for anything but font rendering", so this dependency might even go away in the future, essentially making the problem disappear.
- Currently, the GUI has drawing/behaviour bugs, screen updates are noticeably slow and the components are non-native (one could even say ugly). Even the menu bar is in the window, not where 'it should be' in the Mac.
- Currently, even the clipboard copy-paste doesn't work, this might be a limitation in the current version of Mono on OS X.
This is of course the current situation, and it surely will improve in the future. As the KeePass author himself notes
(...) As stated above already, KeePass 2.x was never intended to be run today. (...)
(This should not be taken too literally. KeePass 2.x is very good piece of software and useable on Windows environments right away, if you have .NET installed. I personally use it.)
+ Portable code, same code runs everywhere.
+ .NET Framework seems to have good security classes for e.g. keeping the plain text in-memory data secure (if you can trust the implementation, and of course you can roll your own). (Btw, Java lacks this support completely.)
+ KeePass 2.07 seems to reasonably stable on Mac/Mono at least in normal casual use (open database, look for an entry).
+ Improvements made to Mono would help an increasing number of people create portable software on it.
My current conclusion:
I don't think that KeePassX project should be axed now, because it is a software that is intended to be used today, not tomorrow. This is true especially on Linux and Mac environments where it is, in my opinion, one of the best solutions available that just work (tm).
However, there are numerous pitfalls within keeping the project alive. I believe that the biggest problems are currently the code base and the lack of documentation. I think this seriously attacks the vital 'fun factor' of an open source project.
My suggestion is that we begin carefully dismantle, clean up and eventually replace the existing implementation in a bottom-up manner -- keeping the good bits and replacing the bad with better. This is not an easy task, but it must be done and it can be done in small steps so that it won't choke the project.
Ultimately I suggest planning the rewrite in a manner that facilitates a) ~frequent releases b) small feature additions during the rewrite c) big new features in the end of the rewrite (like my pet wish, reliable synchronization of databases between multiple computers, cross-platform). I also dare to suggest that, despite the KeePass-name, we could design and implement (of course reuse knowledge/code as much as reasonably possible) a database format that would be reusable, flexible, facilitate new features more easily and that could be implemented in small functional steps (in the case KeePass 2.x format isn't like this). (Maybe some wild ideas: Sqllite with encrypted content?)
Good thing is, that there are (currently) two brave souls that are keeping the gears going and there is continuing interest for the software so far. In addition, there have been several developers in the past that have been able to pass on the development responsibility and making of course their excellent contribution to the project.
Now I would love to hear others' views and feedback about this.
Thanks if you really read the conclusion part this far. Appreciate it.
Btw, there has been already some discussion earlier in this Thoughts on KeePass 2.0