Bitwarden going proprietary?

But a lot of people don’t understand this point. For them Free in FOSS means Free as in price. Also, if you look, most proprietary software is also free because they implement ads to earn money. This has caused a massive shift where people expect software to be free without giving anything back to developers.

1 Like

To be fair, I think Bitwarden was already making some money. The problem is they took 100 million in VC funding, so they are forced to dramatically increase their profits.

Yeah, that’s why people should fund their favourite FOSS project more so that projects don’t have to beg from VCs, which in the long run forces them to then change their entire structure, hence alienating the old userbase.

2 Likes

I mean you are right, but at the same time, raising 100 million? This seems like a recipe for disaster.

1 Like

Nope. They just make it seem that way on the surface.

Sounds like plenty of money to be financially viable for a long time and make a competitive product that can succeed against entrenched competitors.

Profit isn’t evil.

We have made some adjustments to how the SDK code is organized and packaged to allow you to build and run the app with only GPL/OSI licenses included. The sdk-internal package references in the clients now come from a new sdk-internal repository, which follows the licensing model we have historically used for all of our clients (see LICENSE_FAQ.md for more info). The sdk-internal reference only uses GPL licenses at this time. If the reference were to include Bitwarden License code in the future, we will provide a way to produce multiple build variants of the client, similar to what we do with web vault client builds.

The original sdk repository will be renamed to sdk-secrets, and retains its existing Bitwarden SDK License structure for our Secrets Manager business products. The sdk-secrets repository and packages will no longer be referenced from the client apps, since that code is not used there.

4 Likes

This seems like a fair response - unless there is more discussion, I think the above response answers it

2 Likes

Stop it, they said it was a bug, move on, I’m still loyal to BW, it’s still open source, every company that respects privacy at some point has had communication problems, Proton, Tuta, Signal, Firefox, DDG, Brave, Organic Maps, all of them…

And what are you going to do, change every time, at the slightest error in communication or misinterpretation by the community?

5 Likes

These are the kinds of maneuverings/claims that Microsoft makes, not your usual open source companies.

2 Likes

The BW team have said it was a bug/error that was misinterpreted, let’s give them the benefit of the doubt, they’ve been blameless up to now and they’ve stated several times on X, Reddit, GitHub that nothing was going to change, the matter is supposed to be closed now.

I don’t understand why there are still people who expect companies to make no mistakes, no miscommunications, no bugs or anything else.

Nothing changes, trust is not supposed to erode, what more do you expect, it’s going to stay open source, everything’s fine

2 Likes

That news does not bother me at all, but I was curious about alternatives and actually I had already seen there is a Keyguard, but I did not know it is a 3rd party Bitwarden client. One of my devices is old and slow and Bitwarden works badly, even crashes. Keyguard is so much better with all the same features and even more! I wonder why nobody ever mentioned this app?

https://github.com/bitwarden/sdk-internal/commit/db648d7ea85878e9cce03283694d01d878481f6b

  1. I believe they have clarified the situation. As I understand it the password manager is open source and the intention is to keep it open source. The proprietary parts are the enterprise and extended functions like Bitwarden Send.
  2. This is a common scenario. Some programmer far below senior management has a great idea, they can simplify the code base by merging all the different libraries into the SDK. Their immediate manager thinks “great idea, let’s do it”. Then when the community flags it the senior management becomes aware of it. The director or VP or whatever thinks “what are those idiots doing” goes down and points out to them that the password manager part is supposed to be open source, and that is the company model. The programmer who had the great idea goes “oops” and gets to undo all the merging they have done. I would think very few large projects would not have had something similar happen.
  3. As I understand it, there is no change here. The base password manager is open source and intended to be open source. The proprietary parts relate to enterprise and extended features and have been kept separate so that the password manager parts can be kept under GPL. All that has happened is that more people are aware that there are the 2 sets of code.

One of the issues with this forum is that there are many people who immediately react (knee jerk reaction) and start extrapolating a worst case scenario without gathering the facts. As I see it, someone within Bitwarden had what they thought was a great idea, and actioned it and this time no one within the company caught it so it came into public view. The great thing is being open source it was possible for the community to see this and bring it to Bitwarden’s attention. They seem to have put it back on the correct path. I am sure there will be more such incidents in the future but as long as they are corrected, I see this as a normal part of development.

10 Likes

I translated what I wrote from French to English, maybe there was a misinterpretation, I didn’t mean to be disrespectful, I just wanted to say that officially it was a bug and that according to BW it was a misinterpretation by the community (which isn’t stupid) and that this kind of reaction can have harmful effects.

Even before the BW team had a chance to explain or defend themselves, loads of articles, posts, topics etc were published explaining that BW was no longer open source and that people should think about changing their password manager, whereas nothing is going to change, the trust remains the same, the open source aspect, everything…

The risk is that, in the long term, some people (newcomers) will form the wrong opinion or judgement about a solution because of a bug or misinterpretation, and I don’t think that helps the open source community.
We’ve had problems with Proton, Tuta, GOS, Signal, Firefox, Brave, DDG, Organic Maps, Linux etc.

Thanks for the summary, I completely agree, that’s what I meant, there’s no drama, nothing changes and that’s just as well, no need to over-react to officially misinterpret a bug by the community.

1 Like

Glad that they fixed it promptly. I thought the incident was blown out of proportion too. That being said, I’ve been slowly looking into KeePass since the incident.

The reason I originally chose to use bw was that I wasn’t confident enough in my ability to secure and sync the database myself. Turns out it wasn’t that hard with a few cloud storage in the mix. Still using bw though; I currently have both bw and KeePass on my devices but mainly use KeePass as main autofill.

2 Likes

You’re losing trust over a bug and/or a misinterpretation—it’s ridiculous. If you want to make a change, then go ahead… change, create your own password manager even, if you feel the need :slightly_smiling_face:

The SDK has been re-licensed over to the GPL. Can all the chicken-littles please chill out now?

TBH I’m NOT surprised at all. It was predictable. Most projects that start as FOSS end like this. It’s only a question of time.