513

Bitwarden Desktop version 2024.10.0 is no longer free software (github.com)

submitted 1 day ago by pnutzh4x0r@lemmy.ndlug.org to c/opensource@lemmy.ml

121 comments fedilink hide all child comments

Pull request #10974 introduces the @bitwarden/sdk-internal dependency which is needed to build the desktop client. The dependency contains a licence statement which contains the following clause:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

This violates freedom 0.

It is not possible to build desktop-v2024.10.0 (or, likely, current master) without removing this dependency.

(page 2) 50 comments

sorted by: hot top controversial new old

[-] EveryMuffinIsNowEncrypted@lemmy.blahaj.zone 20 points 1 day ago

Damn, I just switched from Bitwarden to KeepPassXC.

Clearly just in time. Lol.

load more comments (2 replies)

[-] wuphysics87@lemmy.ml 18 points 1 day ago

A few questions out of ignorance. How different is this to gitlab's open core model? Is this a permanent change? Is the involvement of investors the root of this? Are we overreacting as it doesn't meet our strict definition of foss?

load more comments (6 replies)

[-] SteleTrovilo@beehaw.org 48 points 1 day ago

Ever since BitWarden got mired in capitalism, I've been dreading that something like this would happen.

[-] fl42v@lemmy.ml 46 points 1 day ago

Thanks for sharing your concerns here. We have been progressing use of our SDK in more use cases for our clients. However, our goal is to make sure that the SDK is used in a way that maintains GPL compatibility.

the SDK and the client are two separate programs

code for each program is in separate repositories

the fact that the two programs communicate using standard protocols does not mean they are one program for purposes of GPLv3

Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug.

I.e. "fuck you and your foss"

[-] zante@lemmy.wtf 20 points 1 day ago

Pretty much the opposite

[-] fl42v@lemmy.ml 31 points 1 day ago

I doubt it. What'll probably happen is them moving more and more of the logic into the SDK (or adding the back-end of new features there), and leaving the original app to be more or less an agpl-licensed ui, while the actual logic becomes source-available. Soo, somewhat red-hat-esque vibes: no-no, we don't violate no stupid licenses, we just completely go against their spirit.

load more comments (2 replies)

load more comments (1 replies)

[-] Danitos@reddthat.com 3 points 1 day ago

@bitwarden bitwarden locked and limited conversation to collaborators

They also locked the thread 16 hours ago (as of writing this comment), with no explanation.

load more comments (6 replies)

[-] KLISHDFSDF@lemmy.ml 11 points 1 day ago

Looks like I might be moving to Proton Pass after all! I'll give them some time to see what they do about this, but will happily give my money to someone else and migrate friends/family as well.

[-] RvTV95XBeo@sh.itjust.works 2 points 1 day ago

I know little about Proton Pass, but how confident are you they don't also used a proprietary SDK with their open source apps?

load more comments (2 replies)

[-] umbrella@lemmy.ml 10 points 1 day ago* (last edited 1 day ago)

i was about to replace my glorified encrypted text file for a password manager. guess relying on 3rd parties in a late-stage capitalist world is not a viable alternative.

ill stay with my encrypted text file until they privatize encryption. by then ill probably be carving my passwords out on stone. or burning down the servers of these fucking pigs trying to make us identify ourselves for everything on the internet now.

[-] EveryMuffinIsNowEncrypted@lemmy.blahaj.zone 11 points 1 day ago

KeePassXC is pretty amazing. :)

load more comments (4 replies)

[-] fireshell@lemmy.ml 2 points 1 day ago* (last edited 1 day ago)

pass is enough (+ xdotool + rofi + pass-menu). Synchronization via git or Syncthing.

[-] tetris11@lemmy.ml 1 points 20 hours ago

How does this play with mobile?

load more comments (6 replies)

[-] guillem@aussie.zone 1 points 21 hours ago

I'm familiar with pass and familiar-ish with rofi. What do the other two do?

[-] fireshell@lemmy.ml 2 points 20 hours ago* (last edited 20 hours ago)

A small script for entering passwords into various windows via rofi, I take passwords from pass.

Example script:

#!/bin/bash
# Sample file rofi_pass.sh
passwords=$(find /home/fireshell/.password-store/ -type f -name *.gpg)
selected_pass=$(echo -e "$passwords" | awk -F "/" '{printf "%s > %s\n", $5, $6}' | rofi -dmenu -p Pass)
item=$(echo "$selected_pass" | awk '{printf "%s/%s", $1, $3}' | sed 's/\.gpg//g')
data=$(pass show $item)
pass=$(echo -e "$data" | head -n1)
login=$(echo -e "$data" | grep -e "^login: " | sed 's/^login: //g')
xdotool type "$login"
xdotool key Tab
xdotool type "$pass"

In awesome wm I bound a key that calls it like this:

awful.key({ modkey}, "p", function () awful.spawn.with_shell("/home/fireshell/Scripts/rofi_pass.sh") end    ,
{description = "rofi pass", group = "launcher"}),

I turn on the computer, press the key combination and the script works, or I run this script from the terminal (~/Scripts/rofi_pass.sh), select the password - it works (if necessary, pinentry is called to enter the main password), after that I press the key combination, select the desired entry

passmenu: extremely useful and wonderful dmenu script.