Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
alt227 4 hours ago

Again, for how long? The answers to all the questions seems to be the same. If Bitwarden was sold they could remove all of this free functionality and interoperability with 3rd party clients immediately.

Then you could say well Vaultwarden will work with these forked clients, but then you are placing your security into the hands of multiple different open source maintainers and vaultwarden then has nothing to do with Bitwarden and becomes some random back end + some random 3rds party clients.

rcxdude 4 hours ago | parent [-]

Sure, but vaultwarden as a system would be entirely usable, I don't think a lot of it is really relying on the bitwarden compatibility for much more than a little convenience.

alt227 4 hours ago | parent [-]

Useable yes, but trustable? Not without some serious backing and regular auditing from some public security experts.

IMO that fact that the existing Vaultwarden system relies on Bitwarden clients and therefore caries Bitwardens secure reputation is its main selling point. Take that away and Vaultwarden is nothing more than some random back end software that can not really be trusted.

rcxdude an hour ago | parent | next [-]

Maybe, I don't think that reputation really should transfer anyway, and it's not something I would consider necessary for using it. (I mean, some scrutiny is obviously good, but I don't think it needs to be as big as Bitwarden).

troyvit 3 hours ago | parent | prev [-]

> the existing Vaultwarden system relies on Bitwarden clients and therefore caries Bitwardens secure reputation is its main selling point.

I hope that this could be a starting point and not an end-point of Vaultwarden. It has gotten far on the shoulders of the Bitwarden giant. If it forked, would it have a large enough community to continue to carry that trust forward (including building new clients)? How much financial support would they need? Could they find a sponsor? It's a European project -- would the EU help fund it as a data sovereignty push?

alt227 3 hours ago | parent [-]

Agreed, it would be great to have a fully open source solution, however I would be wary of it until it was audited and backed by secuirty professionals in the field.