-
Someone else linked the GitHub issue that triggered this change and most of the replies are in the same tone as the comment you're responding to.
Which is all the more ridiculous as this looks like it wasn't really a big license change decision but more of a "forgot to change the license on a component from our internal default". Assuming malice seems like the most boneheaded reaction to this given that there are no other indications Bitwarden was trying to do anything nefarious and the previous license state would have made every single library or tool depending on it non-free.
This is different from criticisms of Mozilla for example which often boil down to "Mozilla positioned itself as privacy-focused but adds a privacy-violating feature you have to opt out of while claiming it's actually fine". Bitwarden never was 100% FLOSS to begin with but introducing downstream license problems is clearly against their own interest. Unless you believe Bitwarden is run by evil idiots who do evil things for no good reason (business or otherwise) whatsoever and then quickly cover their tracks only when called out, "oops" is the only explanation that passes the sniff test.
Here's what someone from Bitwarden said in that issue:
https://github.com/bitwarden/clients/issues/11611#issuecomme...
I think the submission should be rephrased as "Bitwarden SDK fixed license of sub-component" or something. Which of course sounds less bold and interesting and newsworthy because it really isn't.
-
> [O]ur goal is to make sure that the SDK is used in a way that maintains GPL compatibility.
This does, though:
https://github.com/bitwarden/sdk/issues/898#issuecomment-242...
It seems they reconsidered after the change impacted their F-Droid release. They've always been Open Core not fully Open Source so the SDK not being OSS isn't surprising. It just seems like they didn't think about the consequences of integrating a non-OSS SDK into their OSS clients.
Your first quote actually explicitly says that this incompatibility only became apparent after the fact:
> one thought that came to mind in evaluating this
So, yeah, a mistake although it's not so much they "forgot to change the license" but didn't consider which license it should use and stuck with the default.
> There are no plans to adjust the SDK license at this time
This doesn't mean it was an intentional choice or well thought out. It would have been pretty stupid to say "yeah, we actually just went with proprietary because it's the internal default and didn't think about the pros and cons of keeping it that way" so in lieu of wanting to make a decision then and there or signaling radio silence, that's just a standard corporate non-answer.
-
Not entirely there yet ... Some parts have been re-licensed, some have been licensed under the old non-free software SDK license. E.g.,
https://github.com/bitwarden/sdk-internal/commit/db648d7ea85...
-
I personally went (a year ago) to pass: https://www.passwordstore.org/.
It just creates a git repository that I can back up wherever I want.
-
> "forgot to change the license on a component from our internal default".
Doesn't sound like a mistake:
https://github.com/bitwarden/sdk/issues/898#issuecomment-222...
> There are no plans to adjust the SDK license at this time. We will continue to publish to our own F-Droid repo at https://mobileapp.bitwarden.com/fdroid/repo/
https://gitlab.com/fdroid/fdroiddata/-/merge_requests/15353#...
> Additionally, one thought that came to mind in evaluating this that might make this not possible is that our rust SDK, a dependency, is not published under an OSS license. See https://github.com/bitwarden/sdk . I assume that is a problem that might disqualify us from the main [fdroid] repo still.
https://gitlab.com/fdroid/fdroiddata/-/merge_requests/15353#...
> At the moment, there are no plans to adjust the SDK license.
-
If you don't use a master password, it's unsafe. And even with master password, I vaguely remember it's not that safe either, but that might be outdated info.
https://github.com/Sohimaster/Firefox-Passwords-Decryptor
-
I use the Strongbox app on iOS [0] and the KeePassXC app on my Linux laptop. The passwords.kdbx file sits on my OneDrive, which the Strongbox app can access. On Linux I use a OneDrive client [1] that I use to sync several folders within my home folder. Strongbox supports both KeePass and pwSafe database formats. It also integrates well with iOS, with autofill supported (also supports YubiKey unlock and Apple Watch unlock).
[0] https://apps.apple.com/app/strongbox-password-manager/id8972...
[1] https://abraunegg.github.io/
-
Old versions of vaultwarden broke recently (for just about everyone?) due to incompatible changes on the iOS client.
Breakage is not ideal, but here's how they handled the second, more subtle compatibility break:
https://github.com/dani-garcia/vaultwarden/issues/5069
I haven't worked up the courage / time to back up my database and upgrade the docker container; will probably get to it this weekend. However, I can't imagine using bitwarden with the official server (too bloated to be trustworthy), or with their cloud thing. I got burnt by lastpass. I'm not putting my passwords in a giant high-value target again.
-
It is actually sort of how I used it as well, though through nextcloud. It did still remain a hassle. It also requires all different apps to be maintained and equally safe.
Keeweb for example has not had an active maintainer since 2022 https://github.com/keeweb/keeweb/issues/2022
-
I think most Strongbox users did not notice it turned proprietary. It's not like Strongbox advertised the change :)
Context: https://github.com/strongbox-password-safe/Strongbox/issues/...