Posted by ferbivore 2 days ago
For instance, Google can use bash in their backend infrastructure, but Apple cannot ship it on MacBooks or iOS anymore.
SaaS didn't exist when the GPL was drafted. If that's an issue for you, there's the AGPL.
If you mean v3, this isn't true. AGPLv3 was written at the same time as GPLv3, and they reference each other to maintain compatibility (a special provision that lets you use code in the other license provided you follow the other license for that component).
> The default license throughout the repository is your choice of GPL v3.0 OR BITWARDEN SOFTWARE DEVELOPMENT KIT LICENSE unless the header specifies another license. Anything contained within a directory named bitwarden_license is covered solely by the BITWARDEN SOFTWARE DEVELOPMENT KIT LICENSE.
They've done largely the right things for _years_ in terms of security. They've operated pretty transparently in terms of open sourcing. They've allowed vaultwarden to exist, and eventually created a self hostable version as well.
But one bad release with a license screw up and nobody is willing to give them an inch?
I will continue to use bitwarden, and am willing to give them the benefit of the doubt. Especially considering this action above. They are a company that is perfectly toeing the free/oss and commercial line.
CTO: > There are no plans to adjust the SDK license at this time. We will continue to publish to our own F-Droid repo at https://mobileapp.bitwarden.com/fdroid/repo/
https://github.com/bitwarden/sdk/issues/898
Doesn't seem like a mistake or unintentional action.
What worries me, though, is that people who should have known better commit such oopsie daisies more and more (across many projects, I don’t mean this one only), almost as if they are testing the waters to see what they can get away with.
I think if it's a pattern then it's no accident. Of course people will test things. Kids, dogs, it's all the same: if you can get away with something, why not do it?
I don't have a lot of context on the issue.
Is it clear it was just a packaging bug, rather than a move towards partially proprietary?
Years later they switched to Argon, somehow solving all of the blocking problems they had repeatedly claimed they couldn’t fix.
I don’t trust the org at all. The software is ok but I only use it because it sucks marginally less than all my other options.
People who care about software freedoms don’t release proprietary software. Organizations like this or Microsoft are just engaging in open source cosplay.
You're not the one who first reported it, but I did see your comments at the time. Calling them hostile is really the pot calling the kettle black, uh?
Plenty of other products started slipping downhill after management saw a need to change the license. Why else would you change your license terms if it's not to then be able to change your business practises down the road?
I don't see how you think introducing a GPL license is gonna lead to worse business practices? Unless you don't know what the license is.
I wasn't thinking that at all. BW started as open source afaik.
It's rough, but functional, an exercise not a real product, never expected to be a real product. https://github.com/funvill/FancyGorillaPasswordManager
The tech is easy. Website, Browser extension, iOS, Android, Windows, Linux, MacOS apps done in less than a day.
Gaining trust is hard, who is going to trust a random guy on the internet?
This should be easy to encrypt and decrypt on all operating systems, and would make it easy to move your vault to a new password manager.
Running vaultwarden on a home server is one small disaster away from losing everything. Homelabs typically don't enjoy the same level of protections and redundancies compared to a commercial DC.
It just creates a git repository that I can back up wherever I want.
Android: Keepass2 android.
Use syncthing to stay in sync.
Another thing I recommend is to enable versioning on syncthing for the database. This way accidental changes can be reverted easily.
you could recover from that
Presumably they are able to do it because they own the rights and can grant a non-GPL license to Apple for distribution.
This seems to me to still be a “nobody can fork this [and still have a viable iOS app] but us”.
I remember pre-COVID trying to validate the popular claim that the App Store terms were incompatible with GPLv3 but being unable to do so. None of the provisions that were originally called out by the FSF were in the App Store terms anymore at that point. Certainly nothing I found in the terms at the time indicated any incompatibility.
Maybe the European Union comes to the rescue... (for Europeans)
We just need to rally together a community that would maintain such a fork.
https://github.com/bitwarden/ios?tab=GPL-3.0-1-ov-file
Is proprietary config required to build the IPA file?
Looking into it again, it seems like the Apple Media Services T&C now has provisions for distributing apps under a "Custom EULA", but it still has weird clauses like the one saying you can't "scrape, copy, or perform measurement, analysis, or monitoring of, any portion of the Content", which their definition of includes apps. (Ridiculous clause since it prohibits so much as looking at an app with Activity Monitor, but whatever.) The GPLv3 has a provision saying users can ignore additional restrictions, but you as an App Store uploader aren't in a position to grant that right, so... the situation still seems legally iffy enough that I'm not sure you could win against Bitwarden if they objected to a fork.
Yes, non-portable across different OEMs. But Apple Passwords app lets you export your passwords in a nice little simple csv file. It was a suspicion-filled (because it's Apple) pleasant surprise to find that out.
https://support.apple.com/en-us/guide/passwords/mchl35b12625...
What I dislike about Apple Passwords is how tightly coupled everything is.
I just tried to set it up on my Windows 10 machine with a local account, but it requires Windows Hello to be turned on, which can't be done except with a Microsoft account.
Kinda ridiculous of them to force arbitrary restrictions on us.
Not of passkeys, to my knowledge.
> What I dislike about Apple Passwords is how tightly coupled everything is.
That’s definitely also discouraging me as well.
I don't know what it is, but password managers just love the high-speed enshittification train.