this post was submitted on 20 Oct 2024
517 points (95.8% liked)

Open Source

30857 readers
348 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
517
Bitwarden Desktop version 2024.10.0 is no longer free software (github.com)
submitted 5 days ago by [email protected] to c/[email protected]
124 comments fedilink hide all child comments
 

Pull request #10974 introduces the @bitwarden/sdk-internal dependency which is needed to build the desktop client. The dependency contains a licence statement which contains the following clause:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

This violates freedom 0.

It is not possible to build desktop-v2024.10.0 (or, likely, current master) without removing this dependency.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 3 points 11 hours ago

https://github.com/bitwarden/clients/issues/11611#issuecomment-2436287977

We have made some adjustments to how the SDK code is organized and packaged to allow you to build and run the app with only GPL/OSI licenses included. The sdk-internal package references in the clients now come from a new sdk-internal repository, which follows the licensing model we have historically used for all of our clients (see LICENSE_FAQ.md for more info). The sdk-internal reference only uses GPL licenses at this time. If the reference were to include Bitwarden License code in the future, we will provide a way to produce multiple build variants of the client, similar to what we do with web vault client builds.

https://github.com/bitwarden/sdk-internal/commit/db648d7ea85878e9cce03283694d01d878481f6b

Thank you to Bitwarden for relicensing a thing to GPLv3 License!

[–] [email protected] 1 points 3 days ago

We need a fully community run password manager with row-level server synchronisation between devices and shared vaults. Maybe a new client for the Bitwarden protocol with Vaultwarden or something new. E.g. 1password's secret key as a second factor is, imho, their best feature. It pretty much eliminates the possibility of the vault being decrypted due to a weak master password.

[–] [email protected] 12 points 4 days ago

Laughs in keepassxc

[–] [email protected] 13 points 4 days ago

How would the community's reaction be if Bitwarden goes, "Look, we are moving more into the enterprise space, which means using proprietary software to service their needs. Our intention is to keep the enterprise and public versions sandboxed, but there is crossover, and we made a mistake."? I really don't care what they do in the enterprise space. Perhaps I'm an apologist, but seemingly more torn than most other posters.

[–] [email protected] 48 points 4 days ago* (last edited 4 days ago) (1 children)

Apparently and according to Bitwardens post here, this is a "packaging bug" and will be resolved.

Update: Bitwarden posted to X this evening to reaffirm that it's a "packaging bug" and that "Bitwarden remains committed to the open source licensing model."

Let's hope this is not just the PR compartment trying to make this look good.

[–] [email protected] 6 points 3 days ago

I think even if they do reverse course or it was a genuine mistake, it's easy to lose people's trust forever, ESPECIALLY when it comes to something sensitive like storing ALL of your passwords.

[–] [email protected] 2 points 4 days ago (1 children)

I just exported my data from BitWarden and imported into ProtonPass. Was pretty easy. Hate the color palette of the app and browser extension though, lol.

[–] [email protected] 12 points 4 days ago (1 children)

I can't imagine that's any more free than bitwarden?

[–] [email protected] 3 points 4 days ago

GPL'd clients. Everything is encrypted/decrypted on the client before sending/receiving to/from the server. I may later switch to a self-hosted solution, but don't want to set one up right now (was using BitWarden's cloud before).

[–] [email protected] 11 points 4 days ago

Dumb it.

Move to something else.

This is how fuckery starts.

load more comments
view more: next ›