Concerns Raised Over Bitwarden Moving Further Away From Open-Source - eviltoast
  • 486@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    3 months ago

    I really hope that this is actually the case, but I am not very optimistic. This doesn’t seem to be a mistake. They intentionally move functionality of their clients to their proprietary SDK library. The Bitwarden person stated this in the Github issue and you can also check the commit history. Making that library a build-time dependency might actually have been a mistake. That does not change the fact, that the clients are no longer useful without that proprietary library going forward. Core functionality has been move to that lib. I really don’t care if they talk to that library via some protocol or have it linked at build time. I wouldn’t consider this open source, even if that client wrapper that talks to that library technically is still licensed under GPLv3.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      They intentionally move functionality of their clients to their proprietary SDK library.

      Proprietary is a strong word IMO. Here’s the repo, it’s not FOSS, but it is source available. It’s entirely possible they make it more open once it stabilizes, but it’s also possible they make it less open as well. It’s still early, so we don’t know what the longer term plans look like.

      I don’t think we should be panicking just yet, but I’ll certainly be checking back to see what happens once this internal refactor is finished, and I’ll be making some more regular backups just in case they are, in fact, trying to take it proprietary. I don’t think that’s the case (why would they? I don’t see the benefit here…), but I guess we’ll see.

      • 486@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        Proprietary is a strong word IMO. Here’s the repo, it’s not FOSS, but it is source available.

        Yeah, that’s what I meant by “proprietary”. I guess having the source to look at is better than nothing, but it still leaves me uneasy. Their license lets them do anything they want (ignoring that - as it stands - their license is void due to the linkage with GPLv3 code, but they said they want to fix that). I have no idea what their plan is. I don’t think it is in their best interest to go the route they appear to be going. Having truly open source clients seems to be a selling point for quite a few customers. But what do I know…

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          Agreed. If they end up not making this component FOSS, I’ll probably leave and take my paltry $10/year with me (which I don’t need to pay since the features I use are all in the free version). But I’ll give them a year or so to work out whatever refactoring they’re doing before making that call, I’m certainly not going to jump ship just because a new component is merely source-available.