My reading is that the Debian maintainer disables features at compile time that are pretty basic to the Keepass package. And upstream disagrees about the features getting disabled in the Debian package.<p>"Secure by default" has its merits, but when it means the package cannot be used anymore by a good chunk of users and has to be recompiled, this violates my expectation of getting "mostly vanilla" packages from Debian.<p>Looks like upstream is considering to just remove the flags so this particular maintainer can't disable them anymore. Weird dynamic.