Bitwarden Changes Its SDK License to GPL to Resolve Potential Open Source Controversies
It was previously discovered that the password manager Bitwarden had switched the SDK it uses to a non-open-source license. Removing this SDK (sdk-internal) would render the product unbuildable, which triggered a crisis of trust within the community over Bitwarden's commitment to open source.
In response, Bitwarden gave assurances that it would continue to open-source its code in the same manner as before. The SDK was not originally intended to be open source, and the inability to build the product without it was a mistake that would be corrected.
Nonetheless, the controversy had already impacted Bitwarden's open-source reputation. Ultimately, Bitwarden decided to adjust the license and open-source the existing SDK toolset under the GPL 3.0 license.
To achieve this, Bitwarden did not make the SDK open source directly. Instead, it references a new repository that uses the open-source licensing model, so that any product can continue to be built.
Furthermore, to prevent similar issues in the future (although Bitwarden stated that this one was not intentional), if the open-source repository again references code under the Bitwarden license (which is not an open-source license), Bitwarden will provide a way to build the product without that code, avoiding further controversy.
Through this incident, Bitwarden has realized how complex it is to manage the various code and licenses in its growing repository. Similar issues are unlikely to arise in the future, so developers dedicated to building projects with Bitwarden's open-source code can do so with confidence.
Code change records can be viewed here: https://github.com/bitwarden/sdk-internal/commit/db648d7ea85878e9cce03283694d01d878481f6b