Bitwarden isn’t going proprietary after all. The company has changed its license terms once again – but this time, it has switched the license of its software development kit from its own homegrown one to version three of the GPL instead.

The move comes just weeks after we reported that it wasn’t strictly FOSS any more. At the time, the company claimed that this was just a mistake in how it packaged up its software, saying on Twitter:

It seems like a packaging bug was misunderstood as something more, and the team plans to resolve it. Bitwarden remains committed to the open source licensing model in place for years, along with retaining a fully featured free version for individual users.

Now it’s followed through on this. A GitHub commit entitled “Improve licensing language” changes the licensing on the company’s SDK from its own license to the unmodified GPL3.

Previously, if you removed the internal SDK, it was no longer possible to build the publicly available source code without errors. Now the publicly available SDK is GPL3 and you can get and build the whole thing.

  • @[email protected]
    link
    fedilink
    English
    30118 days ago

    Wow, a commercial open source product that COULD have pulled a rugpull, looked for all the world like they were planning a rugpull, just uh, did the right thing?

    Good job, Bitwarden.

    • @gsfraley
      link
      English
      7818 days ago

      I know, it’s a huge relief seeing this as someone who uses the free tier. I think I’ll cough up for the advanced tier if they stick to their guns on this decision.

    • @[email protected]
      link
      fedilink
      English
      5218 days ago

      I’m sure all the folks who were quick to ignore or dismiss their clarification of the packaging issue at the time will be just as quick to make comments like these as they were to skewer them then.

      • @[email protected]
        link
        fedilink
        English
        7
        edit-2
        16 days ago

        I tried convincing people to give them the benefit of the doubt and see what they do, but no, everyone seemed to jump to conclusions.

        Glad my trust wasn’t misplaced this time. I have been and continue to be a paying customer.

        • @baatliwala
          link
          English
          816 days ago

          everyone seemed to jump to conclusions.

          Honestly, everyone’s been so burned by companies pulling the wool over their eyes that there’s just no trust left. People were happy with Mozilla 5-6 years ago and nowadays everyone is a skeptic.

          You might be right in this case but they weren’t wrong.

          • @[email protected]
            link
            fedilink
            English
            316 days ago

            I get it, some orgs/projects do bad things, and we should absolutely roast them for it. But I believe in giving the benefit of the doubt for a period before melting down.

            For example:

            • Mozilla - looking into ads (and have been for a few years) as an alternative revenue source to Google search; I hate ads, but the browser is still better for me than others, so I’ll wait to see what they are planning
            • Docker - moved to a commercial tier, but their community tier is still quite viable, so I still use it; I’m experimenting w/ alternatives, but I don’t need to jump ship just yet (was getting ready a few years ago when they announced the separate “community” builds)
            • Opera - was never FOSS, but they were a good browser when they had their own engine; that changed, so I jumped ship and went back to Firefox (had left Firefox because I wanted more than just IE/Chrome/Firefox/Safari)
            • Ubuntu - I used them for a while, but they kept making changes I and the community didn’t like, so I bailed; this was long before the current snap nonsense, and I’ve stayed away ever since (switched to Fedora then Arch and now openSUSE)

            When a software project you use changes for the worse, look for alternatives, but give that product time to fix it. If they continue on the negative path, then definitely bail. If everyone bails at the first hint of trouble, we end up with a ton of half-baked projects instead of a few good ones. Give feedback and support good projects.

            • @baatliwala
              link
              English
              216 days ago

              Yep, you’re right there.

        • @[email protected]
          link
          fedilink
          English
          2
          edit-2
          16 days ago

          but no, everyone seemed to jump to conclusions

          And I’m certain that it has served as the catalyst for the bitwarden decision.

          • @[email protected]
            link
            fedilink
            English
            1
            edit-2
            16 days ago

            I disagree, but unfortunately, we will probably never know. That said, I’m not against the outrage, I’m just against the conclusions. You don’t need to immediately abandon a project at the slightest hint they’re moving in a direction you don’t like, what you should do is start watching that project a bit more closely to see if they correct or they make additional changes you don’t like.

            We should be taking the rational approach instead of the reactionary approach, but social media in general seems to love reacting instead. I’ve abandoned projects that went a direction I don’t like, but I usually give them a few months after the first sign of problems. I’m currently doing that w/ Mozilla and I want to see what they do with their advertising push before jumping ship.

    • @njordomir
      link
      English
      1517 days ago

      I will remember this, even more so because of the confused drama that preceded it. In general, I find it difficult for me to endorse any commercial entity, but Bitwarden has my admiration and I will continue to offer it as a better alternative to people I see storing their passwords in Chrome or Lastpass. I’m also happy to pay a bit to support a good product and will continue to support the development even if I switch to self-hosted at some point.

  • @BassTurd
    link
    English
    4717 days ago

    I’m so glad this happened. I really wanted to believe them when they said it was an error and would corrected. It appears that in relatively short order they addressed the issue, gave an explanation, an expectation, then nailed it. I hate when I recommend something, then have to backtrack because they changed.

  • @radamant
    link
    English
    417 days ago

    I think I’m still switching to keepassxc, but I’ll still recommend bitwarden to normal people (and my bitwarden account is paid til 2027 anyway, lol)

    • @[email protected]
      link
      fedilink
      English
      416 days ago

      Keepassxc is great if you don’t need to synchronize passwords across too many locations and do not require anything where state matters (mostly related to stuff like yubikeys). It DOES have the vulnerability in that a bad actor has infinite time to crack it should they get a hold of the file whereas bitwarden still lives on a server.

      But they are very different products with very different capabilities. Whether someone needs bitwarden over keepass is going to be a question of use cases.

  • @[email protected]
    link
    fedilink
    English
    -4718 days ago

    Call me cynical, but I don’t think it was a “packaging bug”. I think they felt the backlash from their users. I mean, it’s still great and now I’ll go back to using their app.

    • RubberDuck
      link
      English
      7318 days ago

      Never attribute to malice what can just as easily be explained by incompetence.

    • @[email protected]
      link
      fedilink
      English
      3517 days ago

      There was a really good explanation by a rando about how it happened. Seems a dev made a mistake when publishing a change.

      Apparently bitwarden immediately changed internal procedure for publishing changes.

    • Bezier
      link
      fedilink
      English
      617 days ago

      I expected the same by default, but after learning more I find it unlikely. They had a pretty good explanation for it being a mistake.

      • @[email protected]
        link
        fedilink
        English
        -316 days ago

        Cry me a river. Fucking internet weebs, one can’t even express their opinion without everyone whining about it. Lmao.

        • @[email protected]
          link
          fedilink
          English
          216 days ago

          You can express your opinion, but other people can criticize it. It’s just how these sites work.

        • @[email protected]
          link
          fedilink
          English
          0
          edit-2
          16 days ago

          You literally asked us to call you cynical, dumdum. Why are you asking for something and then getting butthurt when it’s provided? That’s what toddlers do.