Pull request #10974 introduces the @bitwarden/sdk-internal dependency which is needed to build the desktop client. The dependency contains a licence statement which contains the following clause:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

This violates freedom 0.

It is not possible to build desktop-v2024.10.0 (or, likely, current master) without removing this dependency.

You are viewing a single thread.
View all comments
127 points
*

There’s a lot of drama in that Issue, and then, at the very end:

Thanks for sharing your concerns here. We have been progressing use of our SDK in more use cases for our clients. However, our goal is to make sure that the SDK is used in a way that maintains GPL compatibility.

the SDK and the client are two separate programs
code for each program is in separate repositories
the fact that the two programs communicate using standard protocols does not mean they are one program for purposes of GPLv3

Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug.

permalink
report
reply
60 points

Um can someone translate what this means?

permalink
report
parent
reply
118 points

They claim the SDK and Bitwarden are completely separate, so Bitwarden is still open source.

The fact that the current version of Bitwarden doesn’t work at all without the SDK is just a bug, which will be fixed Soon™

permalink
report
parent
reply
26 points

Iirc, once reported, the project has 30 days to remedy or they are in violation of the license. They can’t even release a new version with a different license since this version is out under the GPL.

permalink
report
parent
reply
17 points

Also important to note is that they are creating the same license problems in other places.

They broke f-droid builds 3 months ago and try to navigate users to their own repo now. Their own repo ofc not applying foss requirements, because the android app is no longer foss as of 3 months ago. Now the f-droid version is slowly going out of date, which creates a nice security risk for no reason other than their greed.

Apparently they also closed-sourced their “convenient” npm Bitwarden module 2 months ago, using some hard to follow reference to a license file. Previously it was marked GPL3.

permalink
report
parent
reply
17 points

further translating it: they are closing it down but trying to make it look like they arent

permalink
report
parent
reply
4 points

Also, its not a “bug”, its them testing the waters

permalink
report
parent
reply
47 points

They’re trying to argue legal technicalities because acknowledging that they’re trying to reduce compatibility with servers like vaultwarden would be bad PR.

Per their new license, anyone that uses their SDK to build a client cannot say, “this is for Bitwarden and compatible servers like vaultwarden”. They cannot support those other servers, per their license. Anyone that gets suckered into using their SDK now becomes a force against alternative implementations.

permalink
report
parent
reply
22 points

The main program is open, but the development tools are not

permalink
report
parent
reply
24 points

plan to resolve

timeline unknown, maybe 2124

permalink
report
parent
reply
-2 points

There is always a very vocal minority itching to cause as much drama as possible. It’s very discouraging to see in general. I agree with and want more FOSS, but I’m not sure I’d ever consider making it myself; it’s not worth extra stress personally.

permalink
report
parent
reply

Open Source

!opensource@lemmy.ml

Create post

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

  • Posts must be relevant to the open source ideology
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

Community stats

  • 3.3K

    Monthly active users

  • 1.2K

    Posts

  • 10K

    Comments