What Really Happened To Bitwarden
Summary
TLDRBitwarden’s transition to an 'open-core' model has sparked controversy within the open-source community. While the core software remains open-source, a new proprietary SDK dependency for the 2024.10.0 desktop version raises concerns about licensing. This SDK, governed by a source-available license, restricts developers from creating alternative Bitwarden implementations. Despite Bitwarden's assertion that the SDK is a separate program and their software still aligns with GPL standards, the integration of proprietary elements has led to confusion and frustration. Users debate whether Bitwarden remains true to open-source principles, with some considering alternatives or forks.
Takeaways
- 😀 Bitwarden 2024.10.0 introduces a new proprietary SDK dependency that has sparked confusion and criticism within the open-source community.
- 😀 The new SDK comes with restrictive licensing clauses, preventing its use in non-Bitwarden projects and violating key open-source freedoms, including Freedom 0.
- 😀 Despite being marketed as an open-source project, Bitwarden operates under an 'open core' model, where the core is open-source, but additional proprietary features exist.
- 😀 The 'open core' model blends free software with proprietary components, and Bitwarden's SDK is an example of this practice.
- 😀 Some users mistakenly believed Bitwarden was fully open-source, leading to frustration when the SDK dependency was revealed.
- 😀 Bitwarden's licensing model, with its mix of GPL and proprietary Bitwarden licenses, has led to confusion about what qualifies as 'open-source' within the project.
- 😀 The inclusion of the proprietary SDK in the build process means Bitwarden can no longer be considered entirely open-source or free software.
- 😀 The community backlash has been intense, with many users calling for a fork or looking to abandon Bitwarden in favor of alternative solutions.
- 😀 Bitwarden has confirmed that the SDK dependency is not a bug but a deliberate choice and is necessary for building their software.
- 😀 The CTO of Bitwarden stated that they aim to maintain GPL compatibility, despite concerns that the proprietary SDK makes this difficult.
- 😀 Legal and technical issues, such as compatibility with F-Droid's FOSS policy, arise from the introduction of the SDK and its license, potentially limiting Bitwarden's distribution on such platforms.
Q & A
What is the main issue with Bitwarden's desktop version 2024.10.0?
-The main issue is that the desktop version now includes a new SDK dependency that is licensed under a proprietary Bitwarden License (v1.0), which restricts the use of the SDK to Bitwarden-related applications, making the software less open than before.
What does the new SDK dependency mean for Bitwarden's open-source status?
-The introduction of the SDK with a proprietary license means that Bitwarden can no longer be considered fully open-source. It shifts towards an 'open-core' model, where the core software is open-source, but certain features and dependencies are proprietary.
What is the difference between 'open-source' and 'source available' software?
-'Open-source' software allows users to modify and redistribute the code freely for any purpose, in line with the principles of the Open Source Initiative (OSI). 'Source available' software, while the source code may be visible, restricts the use or modification of the code, often for commercial or competitive reasons, which limits its freedom.
How does the SDK license restrict Bitwarden's users?
-The SDK license specifically prohibits users from using the SDK to develop non-Bitwarden implementations, which restricts the freedom to modify and create alternative versions of Bitwarden, violating key freedoms of open-source software.
How does Bitwarden's licensing model compare to GitLab's?
-Bitwarden and GitLab both use an 'open-core' model. The core project is open-source, but additional proprietary features are added on top for enterprise or commercial use. While the core project remains open-source, the extra features are often not available under open-source licenses.
Why is the SDK required for building Bitwarden clients?
-The SDK is necessary for building all Bitwarden clients, including the desktop, browser, CLI, and web clients. Without it, users are unable to compile the Bitwarden application correctly, as the SDK contains crucial dependencies for the functionality of these clients.
What does the Bitwarden CTO say about the licensing issue?
-The CTO acknowledges that the SDK license issue has caused confusion and confirms that Bitwarden is working on resolving the issue. They emphasize that the SDK is used to maintain GPL compatibility, though this has raised concerns about the open-source nature of Bitwarden.
How did the community react to Bitwarden's licensing change?
-The community largely reacted negatively, with many users expressing frustration and suggesting they might leave Bitwarden or fork it. Some argued that this was a step back for open-source software, while others had more nuanced opinions, recognizing Bitwarden's mixed open-core model.
What are the implications of the 'open-core' model for self-hosting?
-The 'open-core' model can make self-hosting more complicated, as users may expect full freedom to modify and deploy the software on their own servers. With proprietary components now integrated into Bitwarden, users might find themselves unable to self-host certain features or have to deal with limitations on customizations.
What is the significance of the Bitwarden License v1.0 in the context of this change?
-The Bitwarden License v1.0 governs certain parts of the Bitwarden project, including the SDK. It is a 'source available' license, which means the code is available for inspection but with restrictions that limit modification and redistribution, marking a clear departure from the fully open-source approach.
Outlines
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführenMindmap
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführenKeywords
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführenHighlights
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführenTranscripts
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführen5.0 / 5 (0 votes)