this post was submitted on 05 Nov 2024
409 points (99.0% liked)

Technology

59120 readers
2670 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
409
Bitwarden switches password manager and SDK to GPL3 (www.theregister.com)
submitted 1 day ago by ForgottenFlux@lemmy.world to c/technology@lemmy.world
22 comments fedilink hide all child comments
 

Bitwarden isn't going proprietary after all. The company has changed its license terms once again – but this time, it has switched the license of its software development kit from its own homegrown one to version three of the GPL instead.

The move comes just weeks after we reported that it wasn't strictly FOSS any more. At the time, the company claimed that this was just a mistake in how it packaged up its software, saying on Twitter:

It seems like a packaging bug was misunderstood as something more, and the team plans to resolve it. Bitwarden remains committed to the open source licensing model in place for years, along with retaining a fully featured free version for individual users.

Now it's followed through on this. A GitHub commit entitled "Improve licensing language" changes the licensing on the company's SDK from its own license to the unmodified GPL3.

Previously, if you removed the internal SDK, it was no longer possible to build the publicly available source code without errors. Now the publicly available SDK is GPL3 and you can get and build the whole thing.

top 22 comments
sorted by: hot top controversial new old
[–] schizo@forum.uncomfortable.business 246 points 1 day ago (3 children)

Wow, a commercial open source product that COULD have pulled a rugpull, looked for all the world like they were planning a rugpull, just uh, did the right thing?

Good job, Bitwarden.

[–] gsfraley@lemmy.world 66 points 1 day ago (1 children)

I know, it's a huge relief seeing this as someone who uses the free tier. I think I'll cough up for the advanced tier if they stick to their guns on this decision.

[–] TheHobbyist@lemmy.zip 45 points 1 day ago

This. I will resume my recommendation of Bitwarden.

[–] octopus_ink@lemmy.ml 49 points 1 day ago (1 children)

I'm sure all the folks who were quick to ignore or dismiss their clarification of the packaging issue at the time will be just as quick to make comments like these as they were to skewer them then.

[–] sugar_in_your_tea@sh.itjust.works 4 points 6 hours ago* (last edited 6 hours ago) (2 children)

I tried convincing people to give them the benefit of the doubt and see what they do, but no, everyone seemed to jump to conclusions.

Glad my trust wasn't misplaced this time. I have been and continue to be a paying customer.

[–] baatliwala@lemmy.world 1 points 2 hours ago

everyone seemed to jump to conclusions.

Honestly, everyone's been so burned by companies pulling the wool over their eyes that there's just no trust left. People were happy with Mozilla 5-6 years ago and nowadays everyone is a skeptic.

You might be right in this case but they weren't wrong.

[–] Llewellyn@lemm.ee 1 points 5 hours ago* (last edited 5 hours ago)

but no, everyone seemed to jump to conclusions

And I'm certain that it has served as the catalyst for the bitwarden decision.

[–] njordomir@lemmy.world 15 points 1 day ago

I will remember this, even more so because of the confused drama that preceded it. In general, I find it difficult for me to endorse any commercial entity, but Bitwarden has my admiration and I will continue to offer it as a better alternative to people I see storing their passwords in Chrome or Lastpass. I'm also happy to pay a bit to support a good product and will continue to support the development even if I switch to self-hosted at some point.

[–] BassTurd@lemmy.world 41 points 1 day ago

I'm so glad this happened. I really wanted to believe them when they said it was an error and would corrected. It appears that in relatively short order they addressed the issue, gave an explanation, an expectation, then nailed it. I hate when I recommend something, then have to backtrack because they changed.

[–] radamant@lemmy.world 3 points 22 hours ago (1 children)

I think I'm still switching to keepassxc, but I'll still recommend bitwarden to normal people (and my bitwarden account is paid til 2027 anyway, lol)

[–] NuXCOM_90Percent@lemmy.zip 3 points 9 hours ago (1 children)

Keepassxc is great if you don't need to synchronize passwords across too many locations and do not require anything where state matters (mostly related to stuff like yubikeys). It DOES have the vulnerability in that a bad actor has infinite time to crack it should they get a hold of the file whereas bitwarden still lives on a server.

But they are very different products with very different capabilities. Whether someone needs bitwarden over keepass is going to be a question of use cases.

[–] redditReallySucks@lemmy.dbzer0.com 4 points 3 hours ago

I use syncthing to sync my db and it works really well.

[–] compostgoblin 72 points 1 day ago* (last edited 1 day ago)

Pretty cool, good on ya Bitwarden