@jonah went over this scenario with 1Password (which I think is apples to apples).
The question is, is there a substantial reason to remove Strongbox from the list today given that it is already on there? I am not sure Strongbox being reliant on one dev (something other recommendations have had) or not being open source is “substantial” enough.
I could be convinced one way or the other. I just think its important to focus the conversation based on the precedent that has already been set for this category.
Personally, since the process to add a tool is so rigorous, it seems to me the bar for removal should be set very high. Since Strongbox still meets all the criteria and, since it seems like they removed saying they were open source (correct me if I am wrong). I don’t see enough here to remove it.