Hello, ping me (GlitchTip lead) if you want to collaborate. Your stack is also Django. I'd be open to simplifying - we could probably make Redis optional. I have an experimental script that runs Celery and Django in one process. But I think Postgres is a must-have. So that gets down to two. My hope is that GlitchTip works for super small use cases and scales with minimal thought required.
I'd love to know more about what makes Django harder to deploy. Is there an example you're comparing it to? Is there a solution that you can imagine that would make it easier?
I'm working on that (https://passit.io) and I'm curious what your opinion of good UX is. Many here mention vulnerabilities from web extension autofill (domain matching issues, etc). Do you have any opinion between:
A) No autofill. Copy and paste (but good simple shortcuts). Least attack vectors, but least convenient.
B) Autofill but only when user prompts (with shortcut). This avoids having to inject JS into web pages. The web extension needs fewer overall permissions this way. It avoids certain attack vectors. Features would be less discoverable - you have to know to hit the shortcuts or click a browser icon.
C) Prompts to autofill in the page. This is the most common technique, LastPass does it. Vulnerable against domain matching misparsing. It's a big attack vector but there are plenty of common password manager vulnerabilities that can be studied and mitigated against.
Or something else? Also what issues do you have with current open source password managers?