@mninoruiz I very much appreciate the clarifications.
I want to share some things from my point of view - but it’s not a response to what you were saying. Just some things that are related that I would like to mention.
When I first started using passbolt, I was implementing it at a counseling center where office staff shared passwords on a spreadsheet. All passwords were the same so I’m not sure why they bothered noting them. When I looked at all the password manager options at the time, I needed something with no subscription costs because the counseling center was financially strained. Passbolt met the minimum requirements for my need, because I need real security. I knew it could only get better. It was super bare bones.
All of the features that people today want backported to the CE didn’t even exist then in the Pro edition! I was never on the app development team but did help with updating web documentation at one point, specifically the API documentation. So, I’ve worked with the people at passbolt.
When I was new to passbolt I misunderstood that open source equated to community-built. I thought, look how active the forum is! That should bode well for quick improvements. But actually, it pulled from development in some ways. So I started making contributions by helping other users. There are many community contributions - and not just fixes but also like this thread itself with the questions and the challenges and pressure. It’s important to know that the organization of passbolt is a growing startup that in my view is less like break things and move fast game and more like NASA.
“The probe must travel for decades to the outer edge of the solar system and be able to send back data years after no one has been able to fix anything.” Maybe it’s not that extreme, but you get the point. No one gets impressed by how it took five years to build a probe. They get impressed by how far out it was able to go.
It is hard to put into words the level of concern and review that goes into passbolt with regard to security. They care. The team will seem slow. At the same time they aren’t on the front page for security issues. Their work is their signature.
Consider the following:
- they develop across numerous operating systems
- those who develop also will provide support and not just to those on Pro - they help in the community too, with “stupid stuff” like installation issues. They actually care about the people using the product.
- when they add a feature they get it reviewed for security
- a couple years ago there was a major overhaul of the app that took resources away from progress but provided something better to build on going forward
- there wasn’t even a mobile app but now we have one
I’ve started businesses and get it: if they break their budget and run out of runway we are left with a cool app that has a lot of backlog requests. They have accomplished some major things in the last two years that weren’t features but actually app capabilities. But they’ve also added a ton of features! I mean, we didn’t even use to have a way to change our passphrase.
I volunteer to help in the forum because I still believe it’s worth it. Trust me, I develop outside of passbolt and have my own views on how I would do it, but the fact is I carry no business risk in this venture. My personal choice to help is because I want to support the team to operate in the vision they have set for themselves. They don’t try to do everything at once and I like that because it’s real life and it works.
In my businesses, the one thing my clients definitely are not asking for me to do is make decisions that result in my not being around. One of passbolt’s strengths is ignoring the complaints they don’t want to ignore but must. The last thing we need is something that looks safe and works great but is inherently broken. So much of the app environment out there is sloppy with corner cutting on security. Passbolt won’t cut corners.
The members of this community are awesome. It’s one of the good ones. It’s all of you in this thread, and the support you express. I thank you for that.