- cross-posted to:
- opensource@lemmy.ml
- bitwarden@discuss.tchncs.de
- cross-posted to:
- opensource@lemmy.ml
- bitwarden@discuss.tchncs.de
Bitwarden isn’t going proprietary after all. The company has changed its license terms once again – but this time, it has switched the license of its software development kit from its own homegrown one to version three of the GPL instead.
The move comes just weeks after we reported that it wasn’t strictly FOSS any more. At the time, the company claimed that this was just a mistake in how it packaged up its software, saying on Twitter:
It seems like a packaging bug was misunderstood as something more, and the team plans to resolve it. Bitwarden remains committed to the open source licensing model in place for years, along with retaining a fully featured free version for individual users.
Now it’s followed through on this. A GitHub commit entitled “Improve licensing language” changes the licensing on the company’s SDK from its own license to the unmodified GPL3.
Previously, if you removed the internal SDK, it was no longer possible to build the publicly available source code without errors. Now the publicly available SDK is GPL3 and you can get and build the whole thing.
I think I’m still switching to keepassxc, but I’ll still recommend bitwarden to normal people (and my bitwarden account is paid til 2027 anyway, lol)
Keepassxc is great if you don’t need to synchronize passwords across too many locations and do not require anything where state matters (mostly related to stuff like yubikeys). It DOES have the vulnerability in that a bad actor has infinite time to crack it should they get a hold of the file whereas bitwarden still lives on a server.
But they are very different products with very different capabilities. Whether someone needs bitwarden over keepass is going to be a question of use cases.
I use syncthing to sync my db and it works really well.