Bitwarden introduced a non-free dependency to their clients. The Bitwarden CTO tried to frame this as a bug but his explanation does not really make it any less concerning.

Perhaps it is time for alternative Bitwarden-compatible clients. An open source client that’s not based on Electron would be nice. Or move to something else entirely? Are there any other client-server open source password managers?

    • thayerw@lemmy.caEnglish
      432·
      12 days ago

      I can only speak for myself, but I would never trust opaque, proprietary software to manage my credentials, especially in a networked environment. For me, that’s a total showstopper.

      I’ve never had need to use Bitwarden or Vaultwarden as I’ve always been happy with KeePass, but this news would definitely have me choosing an alternative.

      • Lucy :3@feddit.orgEnglish
        526·
        12 days ago

        I always found it weird for people to recommend BitWarden … it just FELT like a company that’ll go completely off track sooner or later. And it did. Oh wonder. KeePass ftw!

        • Lemmchen@feddit.orgEnglish
          18·
          12 days ago

          completely off track

          Let’s see how things evolve before declaring things like that.

        • Darorad@lemmy.worldEnglish
          6·
          12 days ago

          Eh, there’s a completely independent reimplementation of the server, so I’d be surprised if the same doesn’t happen for the apps if there’s a real issue that comes up

    • 486@lemmy.worldOPEnglish
      23·
      12 days ago

      BitWarden already has lots of clients.

      Does it? I’d be very much interested to know. I’ve been looking for other clients before, because I didn’t like the sluggishness of the Electron client, but couldn’t find any usable clients at all. There are some projects on Github, none of which seemed to be in a usable state. Perhaps I have been missing something.

      This is being blown a bit out of proportion though. All they are saying is the official SDK may have some non-free components going forward. So what? It’s a private company, they can do what they want. Or the community can just fork it and move forward with a free one if they want, but it’s just not going to be in the official BitWarden clients. Hardly news or a big deal.

      Nobody said that they can’t do that (although people rightfully questioned that their changes are indeed comatible with the GPLv3). I very much disagree that this isn’t a big deal, though.