Bitwarden SDK relicensed from proprietary to GPLv3

Posted by ferbivore 10/24/2024

Bitwarden SDK relicensed from proprietary to GPLv3(github.com)

1014 points | 369 commentspage 3

Always42 10/25/2024|

I have been using bitwarden for some time, and actually pay for it because i like it so much. should i switch?

mbix77 10/25/2024||

Such a pity they are starting to try to move to proprietary model. I have been using them for years. I thought they were different than other "open-source" companies (e.g. Redis).

What are the alternatives for an open-source cross-platform password manager? Anybody has used Vaultwarden already?

tmpfs 10/25/2024||

We have been working on a open-source, cross-platform alternative called SOS[1]. The source code is on github[2] and includes a self-hostable server for syncing. It is well documented[3] for those that want go build on top of it.

Would love your feedback if you can take it for a spin!

[1] https://saveoursecrets.com/ [2] https://github.com/saveoursecrets/sdk [3] https://docs.rs/sos-sdk/latest/sos_sdk/

chx 10/25/2024|||

No, they are not. They have a separate product which is closed source and there was a accidental mixup between the dependencies of the two. They fixed it quick. As I posted repeatedly in this issue: we need to be much much more lenient and supportive of one of the very few companies which still try. If this is the support they get why would anyone else even bother?

ferbivore 10/25/2024||

This was not an accidental mixup. Have you actually read the previous issue threads? Their stance was that "there are no plans to adjust the SDK license" before the backlash.

NicuCalcea 10/25/2024||

I've been using KeePass (mostly through third-party clients) for years and never saw a reason to switch to anything else.

It doesn't sync between devices by default, but I see that as an advantage, you can use a cloud provider like Dropbox, your own server, FTP, Syncthing, whatever you're comfortable with.

aiono 10/25/2024||

Good to see this. Bitwarden is one of the few companies that I actually like. And even them can dissappoint when profitability requires it seems.

RyeCombinator 10/25/2024||

Can somebody ELI5?

chx 10/25/2024||

People are dicks to one of the last companies which operate in a transparent manner and open source their product.

There was a bug, it got fixed. Nothing to see here, move along.

palata 10/25/2024||

This doesn't look like a bug: https://github.com/bitwarden/sdk/issues/898

wmf 10/25/2024||

AFAIK they went closed source the other day which triggered backlash and now they're opening back up.

jth1 10/25/2024||

My understanding is they were never closed source. Some of their code is GPL and some is proprietary, but all is source-available on GitHub. There was a bug where you couldn't build their client without a proprietary dependency, but they have fixed that so you can now build their client with only GPL code again.

palata 10/25/2024||

I don't think it was a bug. They dismissed it and clearly said that they had no intention to adjust the license: https://github.com/bitwarden/sdk/issues/898.

renewiltord 10/25/2024||

To be honest, it looks like he just had an internal model of “internal code no gpl”, “external code gpl” and mindlessly answered based on that. The fact that it made the latter impossible seems to have been successfully impressed on him.

Overall, I’ll stay a Bitwarden customer. People fuck up and I’m a tit-for-tat-with-random-forgiveness tactic user, not grim-trigger.

palata 10/25/2024||

I could accept that he doesn't understand how open source licenses work, or doesn't care, and that it was not meant as a shady move. But still I wouldn't call it a bug, and it does not inspire confidence. Still it's not LastPass-bad.

This said, I still recommend Bitwarden to my family. I moved to pass (https://www.passwordstore.org/) a while ago just because it corresponds better to my needs and I have more control.

reptation 10/25/2024||

I looked into Bitwarden but hard to see what it offers over Psono and the pricing is significantly steeper.

aussieguy1234 10/25/2024||

I started using BitWarden as my main password manager after the LastPass security breaches.

PaulKeeble 10/25/2024||

Once an organisation has tried once they invariably do it again and again until they find a way to getting what they want. The customers tire of complaining over and over about little enshitifcations and eventually the company wins. Once they start it always goes the same way it just often takes a few goes before most give in.

It will years until it becomes awful but the process has started. It's really a shame every company has to do this with otherwise good products.

gitaarik 10/25/2024|

If that would be the case, I wouldn't have expected them to change it back. I don't think it was that bad of an impact for them, they are already big enough in non-hardcore-open-source communities that they could pull it off and afford to lose some customers to go propietary. I'm actually really positively surprised by them that they actually picked up on this issue raised by the community and that they fixed it very promptly.

Yes the trust was seriously damaged, but this move does restore it largely for me.

la_fayette 10/25/2024||

We moved to passbolt and we are happy with it.

Beijinger 10/25/2024||

I may check it out again. But I love the commercial product enpass.io (I use the free version, don't need it on my cell phone).

AdmiralAsshat 10/25/2024|

So, crisis averted?

More comments...