
MitM Attack Against KeePass 2's Update Check - TimWolla
http://seclists.org/fulldisclosure/2016/Jun/2
======
TimWolla
Money quote:

> 8.2.2016 @ 15:45: Received response from Dominik Reichl: The vulnerability
> will not be fixed. The indirect costs of switching to HTTPS (like lost
> advertisement revenue) make it a inviable solution.

