this post was submitted on 20 Oct 2024
536 points (95.7% liked)

Open Source

31372 readers
190 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Pull request #10974 introduces the @bitwarden/sdk-internal dependency which is needed to build the desktop client. The dependency contains a licence statement which contains the following clause:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

This violates freedom 0.

It is not possible to build desktop-v2024.10.0 (or, likely, current master) without removing this dependency.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 1 month ago (1 children)

Uh oh. Android user here. Time to jump ship? If so...proton??

[–] [email protected] 5 points 1 month ago

As with all of their services, the back-end is closed-source.

For the purposes of user freedom, it's not that critical as the back-end merely facilitates the storage and synchronisation of encrypted data. This is different from the bitwarden case where they're now including freedom disrespecting code into the most critical part of their software: the clients which handle the unencrypted data.
Fact of the matter remains however that Proton Pass restricts your freedom by not allowing you to self-host it.

If you are fine with not being able to self-host, I'd say it's a good option though. Doubly so if you are already a customer of their other services.
Proton has demonstrated time and time again to act for the benefit of its users in the past decade and I see no incentive for them to stop doing so. I'd estimate a low risk of enshittification for Proton which is high praise for a company of their size.

[–] [email protected] 4 points 1 month ago

Okay, we'll I've been using vaultwarden. When should I switch to something new, and what's a good alternative?

[–] [email protected] 3 points 1 month ago

https://github.com/bitwarden/clients/issues/11611#issuecomment-2436287977

We have made some adjustments to how the SDK code is organized and packaged to allow you to build and run the app with only GPL/OSI licenses included. The sdk-internal package references in the clients now come from a new sdk-internal repository, which follows the licensing model we have historically used for all of our clients (see LICENSE_FAQ.md for more info). The sdk-internal reference only uses GPL licenses at this time. If the reference were to include Bitwarden License code in the future, we will provide a way to produce multiple build variants of the client, similar to what we do with web vault client builds.

https://github.com/bitwarden/sdk-internal/commit/db648d7ea85878e9cce03283694d01d878481f6b

Thank you to Bitwarden for relicensing a thing to GPLv3 License!

[–] [email protected] 3 points 1 month ago (6 children)

@bitwarden bitwarden locked and limited conversation to collaborators

They also locked the thread 16 hours ago (as of writing this comment), with no explanation.

load more comments (6 replies)
[–] [email protected] 2 points 1 month ago (2 children)

I just exported my data from BitWarden and imported into ProtonPass. Was pretty easy. Hate the color palette of the app and browser extension though, lol.

load more comments (2 replies)
[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (10 children)

pass is enough (+ xdotool + rofi + pass-menu). Synchronization via git or Syncthing.

load more comments (10 replies)
load more comments
view more: ‹ prev next ›