Pull request #10974 introduces the @bitwarden/sdk-internal dependency which is needed to build the desktop client. The dependency contains a licence statement which contains the following clause:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

This violates freedom 0.

It is not possible to build desktop-v2024.10.0 (or, likely, current master) without removing this dependency.

  • fl42v@lemmy.ml
    link
    fedilink
    arrow-up
    67
    ·
    2 months ago

    Thanks for sharing your concerns here. We have been progressing use of our SDK in more use cases for our clients. However, our goal is to make sure that the SDK is used in a way that maintains GPL compatibility.

    • the SDK and the client are two separate programs
    • code for each program is in separate repositories
    • the fact that the two programs communicate using standard protocols does not mean they are one program for purposes of GPLv3

    Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug.

    I.e. “fuck you and your foss”

      • fl42v@lemmy.ml
        link
        fedilink
        arrow-up
        32
        ·
        2 months ago

        I doubt it. What’ll probably happen is them moving more and more of the logic into the SDK (or adding the back-end of new features there), and leaving the original app to be more or less an agpl-licensed ui, while the actual logic becomes source-available. Soo, somewhat red-hat-esque vibes: no-no, we don’t violate no stupid licenses, we just completely go against their spirit.

        • refalo@programming.dev
          link
          fedilink
          arrow-up
          8
          ·
          2 months ago

          go against their spirit

          I think this is more of a failure of the license itself. It’s not a good look to allow something explicitly and then go “no not like that!”

          • fl42v@lemmy.ml
            link
            fedilink
            arrow-up
            9
            ·
            edit-2
            2 months ago

            I’m not sure you can classify this as a failure, as explicitly prohibiting interfacing with non-agpl stuff would greatly limit the amount of stuff you can license under it, perhaps up to the point of making it generally unusable. As for “not like that”… Well, yeah. But you can’t deny it’s misleading, right? Free software kinda implies you can modify it whatever you want, and if it’s a free ui relying on a source-available middleware… Turns out, not so much.

            Although, a posdible solution would be require explicitly mentioning if you’re basically a front-end for something; but I’m not sure if it can be legally distinguished from the rest of use-cases.