Nice! And MIT too. Perfect; I’ve given it a star now.

I agree. I don’t have the time but someone should point this out to the dev via an issue on GitHub.

So basically don’t use this in anything commercial because the phrase “feel free” is different to legally libre and gratis. I personally wouldn’t touch this until it’s released under a reputable license.

Shame they didn’t use a proper license when publishing.

My very experience at university. Projectile vomit all over the place.

What’s the reference?

Reference for the admission?

And it’s made by a Bitwarden developer.

They highlighted it was a bug and said it would be fixed very soon after it was flagged. It was addressed in a matter of days. You can build the server with the /p:DefineConstants=“OSS” flag still and you can build the clients with the bitwarden_license folder deleted again (now they’ve fixed it).

I don’t understand why you’re throwing FUD about this. Building without the Bitwarden Licensed code has been possible for years and those components under that license have been enterprise focused (such as SSO). The client is still GPL and the server is still AGPL.

This has been the way for years.

Cool. They got that sorted nice and quickly.

Edit:

I don’t get why people think they’re suddenly doing stuff under a different license to subvert the open nature of the project. They’ve been totally transparent on what isn’t part of the GPL/AGPL licensed code for years.

SSO, the password health service, organisation auth requests, member access report blah blah have been enterprise features under the Bitwarden License for ages and they architected the projects in a clear and transparent way to build without those features since they added them.

Technically they thought they might have introduced a bug that caused the delay / a regression and set about investigating it. Pretty sure it was a Microsoft developer too.

Thank you for the smug response however I did indeed read the article and going from 13 months to 10 days is not a trend but a complete rearchitecture of how certificates are managed.

You have no idea how many orgs have to do this manually as their systems won’t enable it to be automated. Following a KBA once a year is fine for most (yet they still forget and websites break for a few days; this literally happened to NVD of all things a few weeks ago).

This change is a 36x increase in effort with no consideration for those who can’t renew and apply certs programmatically / through automation.

Smells like Apple knows something but can’t say anything. What reason would they want lifespans cut so short other than they know of an attack vector that means more than 10 days isn’t safe?

AFAIK they’re not a CA that sells certs so this can’t be some money making scheme. And they’ll be very aware how unpopular 10 day lifespans would be to services that suck and require manual download and upload every time you renew.

This is actually why I use macOS at work - I wasn’t able to get a Linux box approved by IT but they happily support macOS and I get to use basically all the same software I do on Linux.

Lost me immediately with “Blockchain Socialist”.

All that money and engineering to have a human still needed to do the job of a human lol.

Exactly. Source it from upstream at build time or something so it’s transparent.

You’ve been on vacation for 5+ months?

Also wouldn’t it be best to post this communication in the issue thread?

Given how long this has gone on now, it’d probably be best to inform your community that you’ll be removing BLOBs from the source and for them to be produced during build otherwise this shadow is going to remain.

This was the first time I’ve ever heard of your software and has kind of made me want to steer clear of it.

Steam VR 3.0 bitches. Grab your tinfoil Half-Life 3 crowbars because the 3 is a-coming.

Jokes aside, Valve really are true to their word 11 years ago at LinuxCon.

You okay?