Could someone summarize what is happening with Bitwarden and how this affects Vaultwarden if at all?
1 Like
Bitwarden has always had non-Open Source components, such as their server or more recently the secrets manager. Functionality for interfacing with the secrets manager was recently added to the clients, importing a repository (sdk-internal) that was not free software. Because this was done in a way that did not allow for easy removal of said dependency, this effectively made the clients non-free software and made it impossible for F-Droid and Linux distributions to update to these new versions.
Bitwarden acknowledged the problem, called it a packaging error and re-affirmed their commitment to Open Source.
Within just a few days, they changed the structure of their clients repo. As of today it is again free software with the promise that if they were to ever add non-free components, they would add a build option that only uses free software.
tl;dr: Does not affect Vaultwarden. Nothing to see here, really.
2 Likes