Password Manager Bitwarden Makes Changes to Address Concerns Over Open Source Licensing (github.com)
(Saturday October 26, 2024 @11:34AM (EditorDavid)
from the managing-password-managers dept.)
- Reference: 0175326435
- News link: https://news.slashdot.org/story/24/10/26/0525224/password-manager-bitwarden-makes-changes-to-address-concerns-over-open-source-licensing
- Source link: https://github.com/bitwarden/clients/issues/11611#issuecomment-2436287977
Bitwarden describes itself as an "open source password manager for business." But it also made a change its build requirement which led to an issue on the project's GitHub page titled " [1]Desktop version 2024.10.0 is no longer free software ."
In the week that followed Bitwarden's [2]official account on X.com promised a fix was coming. "It seems a packaging bug was misunderstood as something more, and the team plans to resolve it. Bitwarden remains committed to the open source licensing model in place for years, along with retaining a fully featured free version for individual users." And Thursday Bitwarden followed through with [3]new changes to address the concerns .
[4]The Register reports the whole episode started because of a new build requirement added in a pull request a couple of weeks ago titled " [5]Introduce SDK client ."
> This SDK is required to compile the software from source — either the Bitwarden server or any of its client applications... [But the changed license had warned "You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK."]
Phoronix [6]picks up the story :
> The issue of this effectively not making the Bitwarden client free software was raised [7]in this GitHub issue ... Bitwarden founder and CTO Kyle Spearrin has [8]commented on the ticket ... "Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug." The ticket was subsequently locked and limited to collaborators.
And Thursday it was Bitwarden founder and CTO Kyle Spearrin who [9]again re-appeared in the Issue — first thanking the user who had highlighted the concerns. "We have made some adjustments to how the SDK code is organized and packaged to allow you to build and run the app with only GPL/OSI licenses included."
> The sdk-internal package references in the clients now come from a new [10]sdk-internal repository , which follows the licensing model we have historically used for all of our clients (see [11]LICENSE_FAQ.md for more info). The sdk-internal reference only uses GPL licenses at this time. If the reference were to include Bitwarden License code in the future, we will provide a way to produce multiple build variants of the client, similar to what we do with web vault client builds.
>
> The original [12]sdk repository will be renamed to sdk-secrets, and retains its existing Bitwarden SDK License structure for our Secrets Manager business products. The sdk-secrets repository and packages will no longer be referenced from the client apps, since that code is not used there.
[1] https://github.com/bitwarden/clients/issues/11611
[2] https://x.com/josh_wenke/status/1848107133965136318
[3] https://github.com/bitwarden/clients/issues/11611#issuecomment-2436287977
[4] https://www.theregister.com/2024/10/24/bitwarden_foss_doubts/
[5] https://github.com/bitwarden/clients/pull/10974
[6] https://www.phoronix.com/news/Bitwarden-Open-Source-Concerns
[7] https://github.com/bitwarden/clients/issues/11611
[8] https://github.com/bitwarden/clients/issues/11611#issuecomment-2424865225
[9] https://github.com/bitwarden/clients/issues/11611#issuecomment-2436287977
[10] https://github.com/bitwarden/sdk-internal
[11] https://github.com/bitwarden/server/blob/main/LICENSE_FAQ.md
[12] https://github.com/bitwarden/sdk
In the week that followed Bitwarden's [2]official account on X.com promised a fix was coming. "It seems a packaging bug was misunderstood as something more, and the team plans to resolve it. Bitwarden remains committed to the open source licensing model in place for years, along with retaining a fully featured free version for individual users." And Thursday Bitwarden followed through with [3]new changes to address the concerns .
[4]The Register reports the whole episode started because of a new build requirement added in a pull request a couple of weeks ago titled " [5]Introduce SDK client ."
> This SDK is required to compile the software from source — either the Bitwarden server or any of its client applications... [But the changed license had warned "You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK."]
Phoronix [6]picks up the story :
> The issue of this effectively not making the Bitwarden client free software was raised [7]in this GitHub issue ... Bitwarden founder and CTO Kyle Spearrin has [8]commented on the ticket ... "Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug." The ticket was subsequently locked and limited to collaborators.
And Thursday it was Bitwarden founder and CTO Kyle Spearrin who [9]again re-appeared in the Issue — first thanking the user who had highlighted the concerns. "We have made some adjustments to how the SDK code is organized and packaged to allow you to build and run the app with only GPL/OSI licenses included."
> The sdk-internal package references in the clients now come from a new [10]sdk-internal repository , which follows the licensing model we have historically used for all of our clients (see [11]LICENSE_FAQ.md for more info). The sdk-internal reference only uses GPL licenses at this time. If the reference were to include Bitwarden License code in the future, we will provide a way to produce multiple build variants of the client, similar to what we do with web vault client builds.
>
> The original [12]sdk repository will be renamed to sdk-secrets, and retains its existing Bitwarden SDK License structure for our Secrets Manager business products. The sdk-secrets repository and packages will no longer be referenced from the client apps, since that code is not used there.
[1] https://github.com/bitwarden/clients/issues/11611
[2] https://x.com/josh_wenke/status/1848107133965136318
[3] https://github.com/bitwarden/clients/issues/11611#issuecomment-2436287977
[4] https://www.theregister.com/2024/10/24/bitwarden_foss_doubts/
[5] https://github.com/bitwarden/clients/pull/10974
[6] https://www.phoronix.com/news/Bitwarden-Open-Source-Concerns
[7] https://github.com/bitwarden/clients/issues/11611
[8] https://github.com/bitwarden/clients/issues/11611#issuecomment-2424865225
[9] https://github.com/bitwarden/clients/issues/11611#issuecomment-2436287977
[10] https://github.com/bitwarden/sdk-internal
[11] https://github.com/bitwarden/server/blob/main/LICENSE_FAQ.md
[12] https://github.com/bitwarden/sdk
"only uses GPL licenses at this time" (Score:4, Funny)
"Damnit, they noticed. We'll try again later."