KeePass best practices?

What is or is not best practice is up to the threat model of the user. As I understand it, in your threat model, you clearly absolutely see the recommendation as ‘not best practice.’ That is fair, and I do agree with you personally. However, that may not be aligned with another person’s threat model and what they see as best practice.

You appear to be advocating to make your proposal the best practice for QubesOS, which is a fair position. What is not a fair position is to assert in the community forum space that your best practice is “the” best practice for QubesOS users, without first going through the correct process, which would be to make an edit to the documentation and propose a change to the QubesOS team which will cover your points, and also open the discussion as to why you feel your best practice should become the recommended best practice for all users. This is pretty standard stuff in the open source world, and you seem to know your stuff, but aren’t actually following the collaborative flow. I could, of course, have completely missed something in the docs which clearly states what you are stating is, in fact, QubesOS team collaborative recommended best practice, and I stand by to eat some humble pie if that is the case.

I do want to also point out that I think a time of reflection on some of the language and response used would be a good place to come from. Being annoyed with another person should not be addressed by escalatory or inflammatory retorts - it isn’t professional and violates CoC. You may disagree with the original recommendation, but being “fucking annoyed” that someone had a point of view which differs from yours is not collaborative or inclusive. I do note that your original post was misrepresented a bit at some point; my personal recommendation would be that it could have been corrected without unprofessional and oppositional language.

Irrespective of who is right about what is or is not a best practice, I feel that your approach to “calling out” [sic] in this thread has not been collaborative, welcoming or inclusive. This is not how we try to approach things.

Your position of trying to protect others from perceived security oversights is admirable. If you would like your proposal to be considered for inclusion in the documentation as recommended best practice, please follow the correct path, create a draft and open the discussion collaboratively with the team to do that. It would then be very easy to reply to a post with a link to the correct documentation and say “here’s the best practice guide” - rather than language which is a CoC violation.

I’m going to lock this thread now. If you want to have a 1on1 discussion, feel free to DM me. I’m happy to help give guidance, listen and advise.