Pull request #10974 introduces the @bitwarden/sdk-internal dependency which is needed to build the desktop client. The dependency contains a licence statement which contains the following clause:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

This violates freedom 0.

It is not possible to build desktop-v2024.10.0 (or, likely, current master) without removing this dependency.

  • @asap
    link
    English
    0
    edit-2
    1 month ago

    Sorry that’s my mistake - I should have said “source available”, rather than “open source”. IMO, being source available is the critical component of a password manager like Bitwarden, and is what I meant when I referred to their main competitive advantage.

    They might also choose to be open source and fix this specific issue and return to GPL-compatibility, but remaining source available would seem to be the more critical factor.

    • @cmhe
      link
      21 month ago

      So you meant to say:

      I would go as far as to say that Bitwarden’s main competitive advantage and differentiation is that it’s source is available.

      That is not true, there are a lot of other password management software out there where the client source code is either open source or source available. For instance keyguard: https://github.com/AChep/keyguard-app?tab=License-1-ov-file#readme which is an alternative proprietary bitwarden client, where the source is also available. Also the Proton Pass client is under GPLv3.

      I would argue that the main advantage of bitwarden compared to others is that it is open source and has an open source server for self-hosting (vaultwarden). Which of course makes it difficult in terms of business strategy with their VC funding. But maybe becoming a non-profit org and getting money from donors, the strategic funds of EU and other governments, etc. might be an alternative way.

      • @asap
        link
        English
        1
        edit-2
        1 month ago

        I’m not aware of any other enterprise password management where the server source is available and auditable. Proton certainly is not.