220
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 25 Oct 2024
220 points (98.7% liked)
Open Source
31358 readers
265 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
This is conspiratorial thinking, and it's a fallacy called the Argument from Silence (i.e. asserting intent based on what they didn't say). If I say I'm going to give you a handshake, but you say, "But you didn't promise you won't punch me in the face," most people would recognize that as a ridiculous line of reasoning.
You do you. This doesn't seem all that problematic to me, as I don't need Secrets Manager, and I'll still recommend it to anyone looking for a password manager.
Seems to me that it makes more sense to vilify them when they become villains, not before based on paranoid reasoning that they might.
Not trusting a company that has been quietly undermining open source builds of their android client and being cagey + using guarded and laconic PR speak on this is not fallacious thinking, it is just recognizing behaviors and knowing why a company would be doing that. These companies hire people to craft responses and otherwise manage their "community", and providing no assurances of permanently open clients when they tried to pull this is an intentional omission.
I hate to say this, but there's no real assurances of permanently open clients from anyone. Also, their client is still open, and if they do drop the OSS model, people can just fork it and still have a working client (or fork an old version that meets whatever standards they have).
But unless we can prove that they have actually done something ethically wrong, I don't see why the internet feels the need to waste energy creating villains from conjecture.
*is open again. The clients they distributed were not open source until they open sourced sdk-internal. The fact that you couldn't even build it with only open code even if you wanted to was a bug but that's a rather minor issue in comparison.
I also fully believe that they would not have GPL'd sdk-intenral without public pressure. Even when they were originally called out they were pretty clear that the integration of proprietary code was intentional and done with the knowledge that it would typically violate the GPL.
If you don't see what's ethically wrong with even attempting to subvert the GPL, I don't think you've understood open source.
You might not have read the other comments, but I do QA for a living. Devs fucking up commits is why I continue to have a job. Also, companies/maintainers aren't required to capitulate to every bug report. It's possible that whoever made the original comments didn't understand why it was such a big deal and/or didn't know of an alternative way to structure their software; public pressure made them look a little harder.
Like I said in my first comment: you do you. Bring out the pitchforks. The fact that there's reasonable candidate explanations other than malicious intent says to me that the internet is overreacting—again.
Though, when has the internet ever done that, amirite? /s
That would be a reasonable explanation if we didn't get an admission this was done very much intentionally so, with only the inability to even build being an unintended side-effect from the founder and CTO himself.
I'd invite you to actually read the two comments they made in the thread I linked, I get the feeling that you didn't.
Of course you inherently cannot trust a private company to keep their product open, including open core models. In that situation everyone using or contributing should be making a gamble: that if they go too far the project will be forked, the company will cut its community in two, and the fotk will go on to be decently successful as a community project.
Their inability to do the right PR things is just a signal that they can't be bothered with the facade that is useful for them to maintain community support and FOSS nerd marketing for their product.
Re: ethics, they are no longer on F-Droid because they tried to get this in under the radar and include non-free code in builds. Instead of fixing that problem they made their own repo.
Bitwarden will likely eventually destroy their FOSS model for profit-seeking, it is just a matter of when. This is how these things work.
...or they're just bad at PR. It's not a skill everyone has.
...or they made an honest mistake and don't care to put it back on F-droid for reasons to which we are not privy. I bring up these counter-examples not as a way to point out where I'm right and you're wrong, but to point out that there are other candidate explanations, and it's not justified to infer that malfeasance is the only likely possibility.
I also understand why you would cynically think that Bitwarden might succumb to Capitalism—I too live in a late-stage-capitalism country—but that's not a forgone conclusion, and I say again that we don't need to be imagining villains when there's plenty of objectively real ones at which to point a finger already.
I think it is unlikely that they are simply bad at PR and not trying to do damage control for something they would like to push anyways eventually. Why are they creating a proprietary element in the first place? Is the selling point of their product not that it is open source? They are making some changes.
An honest mistake of hosting their entire own repo and writing up documents for it? It isn't just off F-Droid, they are doing their own thing.
Yes you are suggesting that people give them the benefit of the doubt. And I am saying that would be unreasonable given the facts.
Bitwarden has already succumbed to capitalism, it is a product by and for a for-profit company. It is, with few exceptions, just a question of when they will have a profitability crisis and need to find avenues by which to increase revenues or decrease costs. Sometimes that takes 15-20 years, sometimes it takes 3.
I have not followed their finances but I would be curious to know what they are doing at the moment. Could be seeking to get bought out, could be looking for new funding, could be working around the needs of a major client, could be something else.
As always, when a project is backed by a company we should approach it tentatively because while they will provide support for it for some time they will eventually be tempted to do something shady to increase profit. Or to just be profitable at all, which investors always want ASAP when interest rates are high. And then we will need to fork it and see if it is feasible without VC backing. To my knowledge the only other viable path for an open source company is to become an industry standard where the major monopolies decide to not fight about it and instead say, "it is fine as it is and won't be profitable but it is a useful thing to share costs on". Docker, Inc. is somewhere along that path, scraping together products at the periphery of the software while the industry monopolies more or less share the core project in its various compatible forms. And Docker similarly tried to ham-fistedly seek profit sources like when it tried a silly fee scheme for Dockerhub and created a small exodus that the monopolies ate up (e.g. GitHub).