Bitwarden introduced a non-free dependency to their clients. The Bitwarden CTO tried to frame this as a bug but his explanation does not really make it any less concerning.

Perhaps it is time for alternative Bitwarden-compatible clients. An open source client that’s not based on Electron would be nice. Or move to something else entirely? Are there any other client-server open source password managers?

  • just_another_person@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    7
    ·
    29 days ago

    BitWarden already has lots of clients. There’s also VaultWarden for the server if you want.

    This is being blown a bit out of proportion though. All they are saying is the official SDK may have some non-free components going forward. So what? It’s a private company, they can do what they want. Or the community can just fork it and move forward with a free one if they want, but it’s just not going to be in the official BitWarden clients. Hardly news or a big deal.

    • thayerw@lemmy.ca
      link
      fedilink
      English
      arrow-up
      16
      ·
      29 days ago

      I can only speak for myself, but I would never trust opaque, proprietary software to manage my credentials, especially in a networked environment. For me, that’s a total showstopper.

      I’ve never had need to use Bitwarden or Vaultwarden as I’ve always been happy with KeePass, but this news would definitely have me choosing an alternative.

      • Lucy :3@feddit.org
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        20
        ·
        29 days ago

        I always found it weird for people to recommend BitWarden … it just FELT like a company that’ll go completely off track sooner or later. And it did. Oh wonder. KeePass ftw!

        • Lemmchen@feddit.org
          link
          fedilink
          English
          arrow-up
          17
          ·
          29 days ago

          completely off track

          Let’s see how things evolve before declaring things like that.

        • Darorad@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          29 days ago

          Eh, there’s a completely independent reimplementation of the server, so I’d be surprised if the same doesn’t happen for the apps if there’s a real issue that comes up

    • 486@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      7
      ·
      edit-2
      29 days ago

      BitWarden already has lots of clients.

      Does it? I’d be very much interested to know. I’ve been looking for other clients before, because I didn’t like the sluggishness of the Electron client, but couldn’t find any usable clients at all. There are some projects on Github, none of which seemed to be in a usable state. Perhaps I have been missing something.

      This is being blown a bit out of proportion though. All they are saying is the official SDK may have some non-free components going forward. So what? It’s a private company, they can do what they want. Or the community can just fork it and move forward with a free one if they want, but it’s just not going to be in the official BitWarden clients. Hardly news or a big deal.

      Nobody said that they can’t do that (although people rightfully questioned that their changes are indeed comatible with the GPLv3). I very much disagree that this isn’t a big deal, though.