214
Bitwarden update: sdk-internal now GPL, sdk/sdk-secrets to remain proprietary but not used in clients (github.com)
submitted 3 weeks ago by Atemu@lemmy.ml to c/opensource@lemmy.ml
37 comments fedilink hide all child comments

@brjsp thanks again for submitting the concern here. We have made some adjustments to how the SDK code is organized and packaged to allow you to build and run the app with only GPL/OSI licenses included. The sdk-internal package references in the clients now come from a new sdk-internal repository, which follows the licensing model we have historically used for all of our clients (see LICENSE_FAQ.md for more info). The sdk-internal reference only uses GPL licenses at this time. If the reference were to include Bitwarden License code in the future, we will provide a way to produce multiple build variants of the client, similar to what we do with web vault client builds.

The original sdk repository will be renamed to sdk-secrets, and retains its existing Bitwarden SDK License structure for our Secrets Manager business products. The sdk-secrets repository and packages will no longer be referenced from the client apps, since that code is not used there.

This appears at least okay on the surface. The clients' dependency on sdk-internal didn't change but that's okay now because they have licensed sdk-internal as GPL.

The sdk-secret will remain proprietary but that's a separate product (Secrets Manager) and will apparently not be used in the regular clients. Who knows for how long though because, if you read carefully, they didn't promise that it will not be used in the future.

The fact that they had ever intended to make parts of the client proprietary without telling anyone and attempted to subvert the GPL while doing so still remains utterly unacceptable. They didn't even attempt to apologise for that.

Bitwarden has now landed itself in the category of software that I would rather move away from and cannot wholeheartedly recommend anymore. That's pretty sad.

you are viewing a single comment's thread
view the rest of the comments
[-] lemmeBe@sh.itjust.works 11 points 3 weeks ago

Too bad because there are no other Bitwarden cons for me. Any recommendations?

Tried Proton Pass yesterday, and while it looks nice, browser extension not having a password lock is a deal breaker for me.

Also, I found out in the evening that after trying out Pass during the day and quitting on it, all my aliases in the SimpleLogin are gone. I know Proton owns it, but I wasn't expecting that by deleting data on Proton (not the account itself), aliases could get deleted...

Still, not sure if it's connected. I use SimpleLogin independently of other Proton services, but same primary email. Waiting for support.

[-] JustMarkov@lemmy.ml 10 points 3 weeks ago

I've switched to KeePassXC on pc + KeePassDX on mobile after that whole drama. Proton Pass is also interesting, but there's no way I'm gonna use cloud-based password managers anymore.

[-] Redjard@lemmy.dbzer0.com 4 points 3 weeks ago

Keepass2Android Offline also works very well. It has a somewhat different feature set compared to DX.
I found it to be more stable at remaining permanentl unlocked, and DX dropped the 3rd domain level for password matching on either websites or apps, I don't remember.
On the other hand DX works better for adding new credentials or making changes. Since I usually do that on desktop it doesn't matter much for me.

[-] JustMarkov@lemmy.ml 2 points 3 weeks ago

Keepass2Android is not on f-droid, unfortunately. Also, KeePassDX has a much nicer interface.

[-] Redjard@lemmy.dbzer0.com 4 points 3 weeks ago

The offline version is on izzyondroid.
The design is worse, yes.

I don't think it matters much because most of the time you only see the autofill thing, not the app.
When you do go to the app, it is to select between multiple credentials, which is still a split second action.

On mobile I have my 2fa in a different more convenient app (aegis), though k2a does allow to copy 2fa codes

[-] lemmeBe@sh.itjust.works 1 points 3 weeks ago* (last edited 3 weeks ago)

Thanks for the info. How does it sync?

Never mind. Now I see it's with SyncThing.

[-] Redjard@lemmy.dbzer0.com 3 points 3 weeks ago

It doesn't.
Both DX and K2A-O open a local keepass file.
They are capable of reloading the file when it is changed, and can be set to immediately write out changes to the file.
Then you take whichever file sync tool you like and sync it with all other devices using it. As long as the sync tool can sync files in your internal storage, it will work.

I use syncthing, with a dedicated keepass folder containing only the database file. Then I simply add all my devices to the share and it'll sync any changes to all other devices. I also have version history enabled for the share.

[-] lemmeBe@sh.itjust.works 1 points 2 weeks ago* (last edited 2 weeks ago)

Sorted. Had a bit of trouble debugging issue with Librewolf and the extension, but got it working.

While I was at it, converted my notes from Anytype to Joplin, and set up sync as well. Wanted to try out Joplin for quite some time now.

Weekend started nicely. ☕

[-] lemmeBe@sh.itjust.works 1 points 3 weeks ago* (last edited 3 weeks ago)

Nice. Thanks for details! 🍻

I'll try it out over the weekend.

[-] kia@lemmy.ca 6 points 3 weeks ago

The browser extension has a pin lock feature.

this post was submitted on 25 Oct 2024
214 points (98.6% liked)

Open Source

31222 readers
195 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml