[faitswulff]

Just idle curiosity, but I'd be curious to see BitWarden's commit on GitHub:

> ...at one point during our evaluation we submitted a bug report about Bitwarden through its Github project; one of the product’s maintainers committed a bug fix seventeen minutes later, and just a few days after that the fix was released to the public.

[callalex]

That tells me that their testing is either extremely excellent , or extremely nonexistent. Rumors seem to point towards the latter, which is concerning for security software.

[cassianoleal]

I don't know about the rumours, but "a few days" is a long time to test a bug fix.

It should ideally take from a few seconds to a few minutes. That's not extremely excellent, it's just good practice.

More than that and it hints towards heavy reliance on manual testing, and that's something I'd be worried about.

EDIT: Despite the parent comment's misguided logic, it seems his/her fears are actually in the right place.

An issue was opened about 6 weeks ago asking where the tests are and it received zero responses from the maintainers: https://github.com/bitwarden/core/issues/399

[jik]

It was a cosmetic, not a security-critical bug, so there's really no reason why it needed to be released right away.

Also "a few days" was just a guess. I noticed that it was a problem, then I noticed a few days later that the fix had been release. I don't actually know exactly how long it took to release the fix after it was committed.

[halfastack]

For enterprise software, a couple days is indeed strange. For OSS, it's standard in good communities I'd say. When I filed bug fixes against Tomcat, I often had fix within that day (though it was released only during the typical release schedule of Tomcat)

[philliphaydon]

I assume it's this issue.

https://github.com/bitwarden/web/issues/303

Edit: Never mind, I can't find anything opened and fixed in ~17m.

[jik]

https://github.com/bitwarden/web/issues/303#issuecomment-446...

[fluxty]

Nice. That's some response time.

[InGodsName]

Is Bitwarden a native app on mac? Or it's an electron app? Can we use it with dropbox sync instead of their web sync?

[dddw]

no use of your own (dropbox) sync...