Concerns Raised Over Bitwarden Moving Further Away From Open-Source

  • klh_io
    replied
    Originally posted by trapexit
    Who cares if they got "free marketing"? They literally give you the software for free. This is exactly the kind of entitled behavior that makes modern OSS authorship and maintenance suck.
    I obviously care, otherwise I wouldn't be writing what I wrote. The involved companies also care, otherwise they wouldn't make it part of their marketing strategy with "Open Source" slapped all over their websites (when they were OSS). If they switch away from an OSS license, it's no longer OSS authorship and maintenance.

    Originally posted by trapexit

    You act like this is some nefarious plan and I see no evidence with any of these companies that was the case. What I see is companies, often started by original authors of the software or closely related, getting into a bind and trying to walk back things. And it's their right to do so. Even if it was part of their plan... so what? You got a bunch of free code. They owe you nothing. Read the license.

    Where in my message did I say (F)OSS maintainers/developers owe anyone anything? You seem confused - we are talking about a for-profit corporation. There are no contributors or maintainers, just employees.

    I also didn't say it was their plan from the start (though in the case of Redis it definitely was and the company has nothing to do with the original author) and it doesn't matter. You seem to care too much about the price tag.

    If you did read the license as you recommend, you'd know "walking things back" is not something they would be able to do without a separate copyright-transferring CLA.

    Originally posted by trapexit
    I have values. And those values include believing you don't get to dictate what other people do with their time and labor. Appreciating what they release to the world without requiring compensation. Not looking a gift horse in the mouth.

    You are confusing freeware with open source. What you describe is not values, it's being happy with whatever happens as long as you don't have to pay for it. People like you are the reason the general public is needy and acts entitled towards open source - it's all about the transaction instead of a community around the project.

    Thankfully the people behind Bitwarden have actual values and doubled down on a proper FOSS license.



  • ZenoArrow
    replied
    Originally posted by ping500

    I meant KeePassXC and its mobile counterparts are less polished than 1Password. I was happily using 1Password until the browser extension for its last non-subscription version stopped working.
    Less polished in what way? In terms of appearance or functionality?



  • HEX0
    replied
    I've been using gopass for many years.
    It's a Golang implementation of Unix pass which was written in Bash.

    Gopass is compatible with pass and Android Password Store.
    Unfortunately Android Password Store recently was archived and is unmaintained.

    Gopass is a pretty good password manager for the terminal. Supports Wayland and Xorg clipboard. Supports OTP and other things. Has smart completion. While being GPG-based isn't very user friendly, it never failed me. I don't sync my passwords to a git repo. But I copied the password database and GPG keys to my phone and imported them into the Android Password Store and OpenKeychain apps, and it served me well for many years without a fault.

    I tested and gopass works on Termux too. I might need to use that since the Password Store project is dead now.
    Last edited by HEX0; 25 October 2024, 08:00 AM.



  • catpig
    replied
    Btw they made the promised changes. I can't comment on whether this returns the situation to the previous status quo since I don't use Bitwarden as I have no need for it. From the bug report that was referenced here:

    "thanks again for submitting the concern here. We have made some adjustments to how the SDK code is organized and packaged to allow you to build and run the app with only GPL/OSI licenses included. The sdk-internal package references in the clients now come from a new sdk-internal repository, which follows the licensing model we have historically used for all of our clients (see LICENSE_FAQ.md for more info). The sdk-internal reference only uses GPL licenses at this time. If the reference were to include Bitwarden License code in the future, we will provide a way to produce multiple build variants of the client, similar to what we do with web vault client builds.

    The original sdk repository will be renamed to sdk-secrets, and retains its existing Bitwarden SDK License structure for our Secrets Manager business products. The sdk-secrets repository and packages will no longer be referenced from the client apps, since that code is not used there."



  • ping500
    replied
    Originally posted by ZenoArrow

    What do you miss from 1Password?
    I meant KeePassXC and its mobile counterparts are less polished than 1Password. I was happily using 1Password until the browser extension for its last non-subscription version stopped working.



  • ZenoArrow
    replied
    Originally posted by ping500

    I used 1Password for years, until they forced a subscription-based model and their own synchronization servers. I wanted neither, so I moved to KeePassXC. It is not as polished, sadly.
    What do you miss from 1Password?



  • intelfx
    replied
    Originally posted by Espionage724

    What's the discipline that makes trusting others with my passwords better than protecting my passwords myself?
    The same one that disallows making strawmen out of thin air in order to defend one's biases.



  • Espionage724
    replied
    Originally posted by intelfx

    Some of us treat opsec as an engineering discipline rather than a religion with taboos and commandments.
    What's the discipline that makes trusting others with my passwords better than protecting my passwords myself?



  • ping500
    replied
    Originally posted by mdedetrich

    I use 1Password, it's not open source but it has a well written client for whatever OS you can think of which is critical for me.
    I used 1Password for years, until they forced a subscription-based model and their own synchronization servers. I wanted neither, so I moved to KeePassXC. It is not as polished, sadly.



  • mdedetrich
    replied
    Originally posted by hex-m
    I'd suggest either KeePassXC (using your preferred file sync service) or Proton Pass (if you are fine with depending on external infrastructure).

    Regarding forking: with Keyguard, there already exists an independent client-implementation. That may be an option too.
    I use 1Password, it's not open source but it has a well written client for whatever OS you can think of which is critical for me.

