this post was submitted on 20 Oct 2024
627 points (87.4% liked)

Technology

59317 readers
5904 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
627
Concerns Raised Over Bitwarden Moving Further Away From Open-Source (www.phoronix.com)
submitted 3 weeks ago by AsudoxDev@programming.dev to c/technology@lemmy.world
204 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] ShittyBeatlesFCPres@lemmy.world 129 points 3 weeks ago (25 children)

Oh, for fuck’s sake. Can we have a decent password manager that isn’t tied to a browser or company? I pay for Bitwarden. I’m not being cheap. But open source is more secure. We can look at the code ourselves if there’s a concern.

[–] wetsuiterest@lemmy.blahaj.zone 28 points 3 weeks ago (1 children)

Keepassxc? Vaultwarden?

[–] pmc@lemmy.blahaj.zone 18 points 3 weeks ago (2 children)

Isn't Vaultwarden used with non-free Bitwarden clients?

[–] bilb@lem.monster 3 points 3 weeks ago (2 children)

This need not be the case, though! There's an open source client on Android called Keyguard. I don't think the desktop app was at all useful anyway. You can just log into your Vaultwarden through any browser. The desktop app is pointless.

[–] 486@lemmy.world 2 points 3 weeks ago

Keyguard isn't open source. Have a look at their license. It just says "All rights reserved".

[–] SaharaMaleikuhm@feddit.org 2 points 3 weeks ago

True, but the firefox extension is nice.

[–] fmstrat@lemmy.nowsci.com 2 points 3 weeks ago (1 children)

The clients are free.

[–] pmc@lemmy.blahaj.zone 21 points 3 weeks ago (3 children)

They now require a non-free Bitwarden SDK component. That's what this whole conversation is about.

[–] aisteru@lemmy.aisteru.ch 2 points 3 weeks ago (1 children)

Could you ELI5 please?

[–] AsudoxDev@programming.dev 7 points 3 weeks ago

"You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK."

This is a condition when using their SDK. This is not considered a free (as in freedom) component because it violates freedom 0: https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms

[–] sugar_in_your_tea@sh.itjust.works 2 points 3 weeks ago

And the whole conversation is about a bug, not a change in direction...

Update: Bitwarden posted to X this evening to reaffirm that it's a "packaging bug" and that "Bitwarden remains committed to the open source licensing model."

[–] fmstrat@lemmy.nowsci.com 1 points 3 weeks ago

Only the desktop client. And the response is that not being able to compile sans SDK is an issue they will resolve.

I still think this is bad directionally, but we need to see what happens.

load more comments (23 replies)