Bitwarden users concerned over new SDK license clause and open-source commitment
Bitwarden users have raised concerns following a recent update to the Bitwarden client that includes the new bitwarden/sdk-internal dependency. This dependency carries a license clause restricting its use to applications compatible with Bitwarden, prohibiting its use for developing non-compatible software or other SDKs. Bitwarden, known for its open-source password management software, has traditionally operated under a freemium model and supports various clients and platforms with an encrypted vault.
The clause has sparked apprehension among users on GitHub, who fear it could indicate a shift towards proprietary software, despite Bitwarden's open-source claims. Addressing these concerns, Bitwarden founder and CTO Kyle Spearrin clarified that the SDK's integration aims to ensure GPL compatibility while maintaining separate repositories for the SDK and client. Spearrin emphasized that the communication between these programs via standard protocols does not equate to them being a single program under GPLv3.
The community is closely watching how Bitwarden navigates this situation, particularly regarding its commitment to open-source principles.


Comments
Lmao people really didn't like my comment about never looking back when I switched away from Bitwarden to Keepass. You can easily manually sync your own offline vault to any device.
If the appeal of Bitwarden is ONLY sync, then you need to look around and be a bit more open minded.
UPDATE: They caved to the pressure, the SDK was relicensed from proprietary to GPLv3. Some people are still offended that it happened in the first place, but it's published now.
https://news.ycombinator.com/item?id=41940580
It's not as bad as this suggests apparently. It's just their enterprise SDK. Their CTO replied on both Reddit and GitHub that it's not really an issue for normal end users and part of it is to ensure their SDK is used correctly. I don't know all the details fully, but it sounds like this was genuinely an overblown knee-jerk reaction to something that isn't truly an anti-open-source move. Like I said, I don't know the details, but users seem to have calmed down since last night and are OK with the direction things are going. Best to check it out before getting too worried. But don't take my word for it.
I agree, I don't want to overreact and will remain patient to see the big picture.
I suspect it may be a security issue too.
I would hate to see Bitwarden follow down OpenAI's path.
It's always like this: the second a company becomes too popular, they become greedy and betray what made them popular in the first place.
Except we don't know that's what's going on. Maybe there is a security reason for this.
Switched away from Bitwarden a long time ago and never looked back; personally I don't see the appeal of it compared to Keepass, for example.
It syncs across all devices; this alone makes it worthwhile. The only other comparable option is Proton Pass, which is much more expensive.
You can make anything that is available offline sync across devices. That isn't enough of a justification for Bitwarden. I sync my Keepass vault to all of my devices.
I'm a big fan of Bitwarden and have placed a lot of trust in it, even with becoming a premium user by throwing the $10 annual at them. I hope they do the right thing. If they go proprietary, I would have to pack my bags. I'll be monitoring the situation as well, as I don't want to jump the gun.