The BW team have said it was a bug/error that was misinterpreted. Let’s give them the benefit of the doubt: they’ve been blameless up to now and they’ve stated several times on X, Reddit and GitHub that nothing was going to change. The matter is supposed to be closed now.
I don’t understand why there are still people who expect companies to make no mistakes, no miscommunications, no bugs or anything else.
Nothing changes, trust is not supposed to erode, what more do you expect, it’s going to stay open source, everything’s fine
That news does not bother me at all, but I was curious about alternatives and actually I already saw there is Keyguard, but I did not know it is a 3rd-party Bitwarden client. One of my devices is old and slow and Bitwarden works badly, even crashes. Keyguard is so much better with all the same features and even more! I wonder why nobody ever mentioned this app?
Please don’t tell me to move on, or aim to pass a subjective issue as an objective issue. It’s rude, and shows fanaticism rather than discussion. You are free to move on, I’m free to say I’m not comfortable with their service. Unless I am stating something objectively wrong, please don’t try to dictate anything. If you don’t like subjective criticism of a service you like, ignore the thread and move on
First of all, yes. And second of all, it is again rude to say that this was:
Slight error in communication
Or the community is stupid to misinterpret it.
Both of these points are your interpretation of it, feel free to present them as such. But don’t assume that the stupidity you assign the community is not something that you yourself might be indulging in with these arguments.
I am not asking you to stop using BW, but stop telling me what to use or that this isn’t an issue. Don’t impose on others the standard of service you feel you deserve, since others might expect more or less than that.
I believe they have clarified the situation. As I understand it the password manager is open source and the intention is to keep it open source. The proprietary parts are the enterprise and extended functions like Bitwarden Send.
This is a common scenario. Some programmer far below senior management has a great idea: they can simplify the code base by merging all the different libraries into the SDK. Their immediate manager thinks “great idea, let’s do it”. Then when the community flags it, senior management becomes aware of it. The director or VP or whatever thinks “what are those idiots doing”, goes down and points out to them that the password manager part is supposed to be open source, and that is the company model. The programmer who had the great idea goes “oops” and gets to undo all the merging they have done. I would think very few large projects would not have had something similar happen.
As I understand it, there is no change here. The base password manager is open source and intended to be open source. The proprietary parts relate to enterprise and extended features and have been kept separate so that the password manager parts can be kept under GPL. All that has happened is that more people are aware that there are the 2 sets of code.
One of the issues with this forum is that there are many people who immediately react (knee jerk reaction) and start extrapolating a worst case scenario without gathering the facts. As I see it, someone within Bitwarden had what they thought was a great idea, and actioned it, and this time no one within the company caught it, so it came into public view. The great thing is that being open source, it was possible for the community to see this and bring it to Bitwarden’s attention. They seem to have put it back on the correct path. I am sure there will be more such incidents in the future, but as long as they are corrected, I see this as a normal part of development.
I translated what I wrote from French to English, maybe there was a misinterpretation, I didn’t mean to be disrespectful, I just wanted to say that officially it was a bug and that according to BW it was a misinterpretation by the community (which isn’t stupid) and that this kind of reaction can have harmful effects.
Even before the BW team had a chance to explain or defend themselves, loads of articles, posts, topics etc were published explaining that BW was no longer open source and that people should think about changing their password manager, whereas nothing is going to change, the trust remains the same, the open source aspect, everything…
The risk is that, in the long term, some people (newcomers) will form the wrong opinion or judgement about a solution because of a bug or misinterpretation, and I don’t think that helps the open source community.
We’ve had problems with Proton, Tuta, GOS, Signal, Firefox, Brave, DDG, Organic Maps, Linux etc.
Thanks for the summary, I completely agree, that’s what I meant: there’s no drama, nothing changes and that’s just as well, no need to over-react to what was officially a bug misinterpreted by the community.
Glad that they fixed it promptly. I thought the incident was blown out of proportion too. That being said, I’ve slowly been looking into KeePass since the incident.
The reason I originally chose to use BW was that I wasn’t confident enough in my ability to secure and sync the database myself. Turns out it wasn’t that hard with a few cloud storage services in the mix. Still using BW though; I currently have both BW and KeePass on my devices but mainly use KeePass as my main autofill.
Maybe for you. For me doubts still stand. Both of these situations should be perfectly fine, it’s an opinion.
No it’s not, stop trivializing it. It’s the classic “blame the intern”. If their coding practices are so terrible that junior devs can pass changes like this, I don’t trust them with critical software.
Again, rude to characterize that there are “many” people who “give knee jerk reactions”. Unless you have done extensive surveys and research of the forum, then of course you are entitled to make these arguments. Forgive me if I assume you haven’t.
What I am seeing from this conversation is that BW community members would rather imply concerned BW users are naive or trivialize their concerns rather than let them exist with their opinion about an incident. Interesting strategy, but please don’t bother using it with me. If there is something objectively wrong with my subjective opinion and trust in BW (oh the irony), please don’t ping again.
I am kinda done with this whole name calling, so I will be looking at KeePass or Proton (probably worse than KeePass, so not doing that either), if of course the members above allow me
You’re losing trust over a bug and/or a misinterpretation—it’s ridiculous. If you want to make a change, then go ahead… change, create your own password manager even, if you feel the need
That person never called you or the community stupid. You chose to put that word in their mouth.
Not sure how this is a rude thing to say. Especially when you immediately go on to characterize “BW community members” in a similarly unfashionable light.
There’s no need to get so defensive. Just discuss the facts of the matter, no need to cry name-calling or rudeness where it didn’t happen.
There, there. No need to get defensive now. This is a great time to learn how to accept everyone does not have the same standard of expected transparency from services they use. Thanks for the input
Expressions used so far for expressing I don’t trust BW now: Move on, Chicken littles, create your own password manager, overblown, knee jerk, etc.
Unfortunate overall. I have already mailed support for cancellation, thanks for the incentive. Please continue discussing, don’t ping me if you can respect a request. Or is that a bridge too far when defending services you like from, god-forbid, subjective opinions. I have already muted the rest, thanks.
I’d argue this thread should be closed. No new discussion points are coming out of this thread, just seems to be bickering. I think it’s safe to say that Bitwarden remedied the immediate issue. Whether or not you wish to stick with them really seems to be a matter of personal opinions about FOSS.
From this I think it’s reasonable to lose trust in Bitwarden and their relationship with open source. I think it’s also reasonable to be satisfied with their corrective steps and remain a customer / user while observing how they act moving forward.
None of this currently compromises the security of the software, in my opinion, at this time. So users can still safely use Bitwarden. It’s not proprietary, and currently not limited source available (for the most part) - and it seems their current communication says they will try to maintain a GPL compatible build always and will fix it if the build fails. But if strict FOSS matters and you are feeling nervous as a Bitwarden user, others have mentioned some FOSS community driven alternatives like KeePass which might be good to look into.