Bitwarden clarifies open source commitment amid user concerns

3 weeks ago

Bitwarden has sought to calm personification backlash successful nan aftermath of root codification changes that had raised concerns among users.

Phoronix readers precocious flagged concerns astir nan company's evident displacement distant from an unfastened root model. The password manager level has traditionally operated connected a ‘freemium’ model, providing immoderate codification arsenic unfastened source.

But a propulsion petition earlier successful October 2024 raised eyebrows owed to nan truth nan Bitwarden customer introduced a “bitwarden/sdk-internal” dependence to nan desktop client.

Bitwarden changes

The firm’s licence connection noted: “You whitethorn not usage this SDK to create applications for usage pinch package different than Bitwarden (including non-compatible implementations of Bitwarden) aliases to create different SDK.”

This connection successful peculiar prompted speculation that nan move could mean nan Bitwarden customer would nary longer beryllium freely disposable to users, pinch a GitHub issue further fueling speculation complete nan rumored move.

It looks for illustration this is portion of a deliberate run by Bitwarden to afloat modulation Bitwarden to proprietary software, contempt consistently advertizing it arsenic unfastened source, without informing customers astir this change,” 1 personification wrote.

“For wherever nan sentiment of 1 personification is worth, I’ve switched distant from Bitwarden owed to this.”

Sign up to nan TechRadar Pro newsletter to get each nan apical news, opinion, features and guidance your business needs to succeed!

While first concerns were raised, Bitwarden has since clarified nan issue. In a remark connected GitHub, Bitwarden laminitis and CTO Kyle Spearrin sought to calm personification concerns, commenting this was nan consequence of a ‘packaging bug’.

Spearrin confirmed that Bitwarden has “made immoderate adjustments” to really nan SDK codification is organized and packaged. This will let users to proceed building and moving nan app pinch only GPL/OSI licenses included, Spearrin added.

“The sdk-internal package references successful nan clients now travel from a caller sdk-internal repository, which follows nan licensing exemplary we person historically utilized for each of our clients,” he said.

“The sdk-internal reference only uses GPL licenses astatine this time. If nan reference were to see Bitwarden License codification successful nan future, we will supply a measurement to nutrient aggregate build variants of nan client, akin to what we do pinch web vault customer builds,” Spearrin added.

Following nan move, nan original sdk repository will beryllium renamed to ‘sdk-secrets’, Spearrin revealed. This will clasp its existing Bitwarden SDK License building for nan platform’s secrets head business products.

“The sdk-secrets repository and packages will nary longer beryllium referenced from nan customer apps, since that codification is not utilized there."

Open root licensing concerns continue

While Spearrin and Bitwarden person since clarified nan changes, personification concerns complete a imaginable displacement distant from unfastened root licensing aren’t without justification.

A big of unfastened root solutions providers successful caller years person made daze moves distant from unfastened licensing to much restrictive position of use, specified arsenic MongoDB.

In 2023, HashiCorp sparked disapproval from immoderate manufacture stakeholders aft it changed its root codification licence to nan Business Source License (BSL).

More recently, Redis again prompted disapproval erstwhile it revealed early Redis releases were to beryllium made disposable nether RSALv2 (Redis Source Available License) and SSPLv1 (Server Side Public License) licenses.