537
Bitwarden Desktop version 2024.10.0 is no longer free software (github.com)
submitted 3 weeks ago by pnutzh4x0r@lemmy.ndlug.org to c/opensource@lemmy.ml
127 comments fedilink hide all child comments

Pull request #10974 introduces the @bitwarden/sdk-internal dependency which is needed to build the desktop client. The dependency contains a licence statement which contains the following clause:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

This violates freedom 0.

It is not possible to build desktop-v2024.10.0 (or, likely, current master) without removing this dependency.

you are viewing a single comment's thread
view the rest of the comments
[-] CosmicTurtle0@lemmy.dbzer0.com 26 points 3 weeks ago

Iirc, once reported, the project has 30 days to remedy or they are in violation of the license. They can't even release a new version with a different license since this version is out under the GPL.

[-] GissaMittJobb@lemmy.ml 18 points 3 weeks ago

Given that they own all of the source code (CLA is required to contribute), they can just stop offering the code under GPL, unless they happen to have any GPL dependencies not under their control, in which case this would not be viable.

[-] CosmicTurtle0@lemmy.dbzer0.com 12 points 3 weeks ago

Switching licenses to future versions doesn't invalidate previous versions released under GPL.

I'm not a lawyer but I deal with OSS licenses for work and I don't know if there's ever been a case like this, that I can think of anyway.

Their previous versions, still being under the GPL, would require them to release a change to make it usable on desktops. Again, I'm not a lawyer here but there is a lot of case law behind the GPL and I think the user who made the issue could take them to court to force them to make the change if they don't respond in 30 days.

[-] Redjard@lemmy.dbzer0.com 13 points 3 weeks ago

It means previous versions remain open, but ownership trumps any license restrictions.
They don't license the code to themselves, they just have it. And if they want to close source it they can.

GPLv3 and copyleft only work to protect against non-owners doing that. CLA means a project is not strongly open source, the company doing that CLA can rugpull at any time.

The fact a project even has a CLA should be extremely suspect, because this is exactly what you would use that for. To ensure you can harvest contributions and none of those contributers will stand in your way when you later burn the bridges and enshittify.

load more comments (3 replies)
load more comments (3 replies)
load more comments (3 replies)
this post was submitted on 20 Oct 2024
537 points (95.6% liked)

Open Source

31222 readers
263 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml