this post was submitted on 20 Oct 2024
529 points (95.2% liked)

Open Source

31223 readers
300 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Pull request #10974 introduces the @bitwarden/sdk-internal dependency which is needed to build the desktop client. The dependency contains a licence statement which contains the following clause:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

This violates freedom 0.

It is not possible to build desktop-v2024.10.0 (or, likely, current master) without removing this dependency.

you are viewing a single comment's thread
view the rest of the comments
[–] zante@lemmy.wtf 19 points 3 weeks ago (3 children)
[–] fl42v@lemmy.ml 31 points 3 weeks ago (2 children)

I doubt it. What'll probably happen is them moving more and more of the logic into the SDK (or adding the back-end of new features there), and leaving the original app to be more or less an agpl-licensed ui, while the actual logic becomes source-available. Soo, somewhat red-hat-esque vibes: no-no, we don't violate no stupid licenses, we just completely go against their spirit.

[–] refalo@programming.dev 4 points 3 weeks ago (1 children)

go against their spirit

I think this is more of a failure of the license itself. It's not a good look to allow something explicitly and then go "no not like that!"

[–] fl42v@lemmy.ml 9 points 3 weeks ago* (last edited 3 weeks ago)

I'm not sure you can classify this as a failure, as explicitly prohibiting interfacing with non-agpl stuff would greatly limit the amount of stuff you can license under it, perhaps up to the point of making it generally unusable. As for "not like that"... Well, yeah. But you can't deny it's misleading, right? Free software kinda implies you can modify it whatever you want, and if it's a free ui relying on a source-available middleware... Turns out, not so much.

Although, a posdible solution would be require explicitly mentioning if you're basically a front-end for something; but I'm not sure if it can be legally distinguished from the rest of use-cases.