by wmal 994 days ago
The title is misleading. This is not fully "free and open-source". I'm actually puzzled by the licensing structure.

Bitwarden server is dual-licensed [1]

- part of it is licensed with AGPL (Open Source)

- some features are licensed with a source available Bitwarden license

Now, even the Open Source core requires you to register if you want to self host. This is to provide you with complementary services like security updates, push relay servers (?), and licensing checks. [2] Although not stated in the docs, I guess this also improves their telemetry data, as they suggest to never share the license keys between installations.

I completely understand the need to use source available licenses instead of open source. What I don't understand is why even license parts of your app as Open Source? The resulting product is not free. Neither as in beer, nor as in speech. Does anyone know good reasons for doing that? I'm asking seriously. I'd like to better understand how companies benefit by marketing their products as Open Source, even if they are barely open source.

[1]: https://github.com/bitwarden/server/blob/master/LICENSE_FAQ....

[2]: https://bitwarden.com/help/hosting-faqs/#q-what-are-my-insta...

4 comments

"Commercial.Core and SSO integration: Code for certain new modules that are designed and developed for use by larger organizations and enterprise environments is released under the Bitwarden License, a "source available" license."

The rest of Bitwarden is free both as in beer and as in speech. Dunno why you think otherwise. Vaultwarden exists, and Bitwarden clients are compatible with it.

Thank you, and other people, for mentioning Vaultwarden. I’ll check that out. This is, however, a separate software package, coming from different people, so not related to my question.

Bitwarden is not free as in speech, as it requires me to register with Bitwarden, Inc and get a license key to be able to self host. Also, then it uses some closed cloud services.

As for the free as in beer - this is more nuanced, but I still think it is far from free. For individuals - hosting something that requires 2-4 GB of RAM [1] is definitely not free. For companies - hosting something that doesn’t include SSO is pointless. The Bitwarden source available license, that includes SSO, does not allow production use [2], and requires a paid subscription instead.

BTW I completely understand the reasons to not open source everything. What I don’t understand is: why not use the source available Bitwarden license for the entire server codebase?

[1]: https://bitwarden.com/help/install-on-premise-linux/

[2]: https://github.com/bitwarden/server/blob/master/LICENSE_FAQ....

> Bitwarden is not free as in speech, as it requires me to register with Bitwarden, Inc and get a license key to be able to self host.

That is not the right understanding of the term "free" because the code is completely open-source and you can remove the parts that have to do with registration and enterprise features yourself without breaking the license agreement. You would have to maintain such a fork on your own though. It would be easier if Bitwarden Inc. themselves would maintain a completely open-sourced version and an open core version with non-free parts and registration, but they are not obligated to do so.

Why does everyone assume that if something is open source it must also be free and licensed under a permissive license allowing you whatever? Briefly looking at their website I got the impression that it was meant for transparency reasons rather than in the spirit of free and open-source.

I didn't assume it must be free of charge. I only mentioned it isn't, to point out that this is not a possible reason they chose AGPL.

I did, however, assume Open Source <=> OSI-approved license. How else to define Open Source?

Transparency alone could be achieved with their own Source Available license, so it doesn't seem like a reason for double licensing.

Yesterday I was listening to The Changelog podcast with Steve O'Grady called "Open Source is at a Crossroads". In it he says something along the lines of: We have companies come to us saying they want to release their source under an encumbered license and we tell them that they can definitely do that but they can't call it open source, because open source means something fairly specific to developers. We work with them on getting their specific license terms set up but they come back saying "We really want to call it open source, because developers find open source cool, and we want to attract developers." Developers like it because of what open source means.

https://changelog.com/podcast/558

Thank you, I found the answer to my question posted above in this podcast and the article linked there [1].

So, the argument is simply that Open Source is a branding that attracts developers as a target group.

I wonder when we will start seeing commercial, source available projects posted to GitHub with a single file like stringutils.[ts|go|java|etc] MIT-licensed for the single purpose of calling the entire project "Open Source".

[1]: https://redmonk.com/sogrady/2023/08/03/why-opensource-matter...

I don't think anyone really cares, but from the wording in the license FAQ, it sounds like you can host the server as FOSS-only?

> ... api includes... Commercial Core which is under the Bitwarden License, however this can be disabled by using /p:DefineConstants="OSS" as an argument to dotnet while building the module.

You said it yourself, marketing.