Open jonathanspw opened 1 month ago
The code is GPL. And i think the build also fails if you omit our patches to be applied and remove that directory.
Also, we build using the dist:oss:selfhost
option
https://github.com/dani-garcia/bw_web_builds/blob/cc03d26ac0f47481067f6ae313375e198a7b1164/Dockerfile#L50
Which only uses GPL compatible code as far as i know.
Which only uses GPL compatible code as far as i know.
I dug into the code a bit and as best I can tell you are right! Thanks for the quick reply and pointing me in the right direction on that.
Would you be open to a refactored patch that would allow removing that directory without causing failure?
working towards getting Vaultwarden and the web side packaged up into official packages
Nice. This means I won't have to build my own packages anymore. ;-) However, one thing I'd consider when packaging for Fedora is to create packages between releases.
e.g. I create packages (for the vw binary, not the webvault) like this: vaultwarden-1.30.5^20240519.753a9e0b-1.fc40.x86_64
working towards getting Vaultwarden and the web side packaged up into official packages
Nice. This means I won't have to build my own packages anymore. ;-) However, one thing I'd consider when packaging for Fedora is to create packages between releases.
e.g. I create packages (for the vw binary, not the webvault) like this:
vaultwarden-1.30.5^20240519.753a9e0b-1.fc40.x86_64
I'm happy to report that vaultwarden-web is in Fedora/EPEL stable repos. vaultwarden itself is currently in Fedora/EPEL testing repos and will hit stable in about a week.
As for the package updates between releases - is there a pressing reason to do that? If there are important changes that don't get cut in releases we can/should push upstream/vaultwarden to cut a release, or we can add them to the RPM as patches if it's important to get in the package before the next release.
Hi,
I'm a Fedora/EPEL packager and was working towards getting Vaultwarden and the web side packaged up into official packages and all is/was going smoothly until it came to my attention that code from https://github.com/bitwarden/clients/tree/main/bitwarden_license is indeed used in bw_web_builds.
I tested by simply removing the directory as part of the build scripts, and unsurprisingly, the build fails.
I believe this renders GPL-3.0 incorrect, at least for part of the content, anything built upon the bitwarden-licensed code, and unfortunately bars the web GUI from inclusion into Fedora/EPEL and any other distros which follow strict OSI-approved license requirements.
The restrictions from https://github.com/bitwarden/clients/blob/browser-v2024.5.0/LICENSE_BITWARDEN.txt#L27-L31 specifically make the bitwarden license incompatible with OSI standards.
I'm not very familiar with node/TS so I don't know exactly how/what these files are doing so I apologize if I'm totally off base here.