Comments (11)
If it doesn't break anything we should also add
<meta name="referrer" content="no-referrer" />
This would help privacy concerns if you accidentally click the hyperlink.
This might affect the "Launch" button when visiting a URI from an item but possibly in a positive way.
This could stop websites from knowing where a Vaultwarden instance is located.
from bw_web_builds.
from bw_web_builds.
Adding a hyperlink anywhere doesn't enforce any license.
Also, the web-vault isn't AGPLv3, but GPLv3.
The server is AGPLv3, but has little to do with the web-vault.
If we should put any license on the web-vault pages at all then we would need to use GPLv3, and point it to Bitwarden.
from bw_web_builds.
I know this repository is not under AGPLv3 and I don't want to change that.
Referencing a snippet of the 1.28.0 changelog notes
If you simply use our code without modifications, just pointing them to this repository is enough.
The hyperlink would satisfy this automatically afaik.
Additionally the footer on the web-vault reads
Vaultwarden (unofficial Bitwarden® server) Version 2023.3.0
It doesn't mention the web-vault but the actual server.
If you're running the API only then this would not apply, but I assume most deployments are using this web-vault alongside the API.
from bw_web_builds.
Adding that link here in this repo doesn't imply anything has changed on the server side, so that doesn't satisfy anything actually.
I can modify the code on the server and still use this web-vault base which then would point to the Vaultwarden project and give false info.
The main reason we have put Vaultwarden there is to prevent confusions with users reporting issues at Bitwarden instead of going to Vaultwarden. That was happening a lot. And i think it's less now.
from bw_web_builds.
I edited some language above to make sure we're all on the same page.
I don't expect this to satisfy distribution and copyleft licensing when the source has changed.
I again assume most deployments of Vaultwarden have no modifications to the Vaultwarden source code.
I currently use the Vaultwarden without modifying the source.
If you simply use our code without modifications, just pointing them to this repository is enough.
When you go to consume the Vaultwarden API over this web-vault you would automatically be pointed towards the Vaultwarden repository. The current footer doesn't satisfy this afaik, but a hyperlink to the repository would.
Again, this is quite limited in scope of being compliant but I think it would cover most future use cases of Vaultwarden.
I apologize if there's something I'm not understanding here.
from bw_web_builds.
I think the method of delivery here is a bit irrelevant. If someone communicated with the Vaultwarden API over email and you signed every response email with a link to the Vaultwarden API it would most likely satisfy this. The email has nothing to do with AGPLv3 or Vaultwarden. I'm not sure how thorough this has to be though according to AGPLv3. I think a simple hyperlink on this web-vault would show due diligence in respecting the AGPLv3 license of Vaultwarden since the "default deployment" of the Vaultwarden docker image ships with this web-vault.
Sorry for the email spam, I try to include as much as I can.
from bw_web_builds.
I think i understand you just fine no problem.
The text
If you simply use our code without modifications, just pointing them to this repository is enough.
Doesn't imply to always have a link needed to point to anything.
Just when someone requests the source of the server when unmodified you can use the main project repo.
Also, again, adding a link at the footer here in this repo by default isn't something useful into ensuring the server is unmodified. Also, people could still use the artifacts from this repo, or build it them self, and not change or remove that link, while still modifying the server code. It doesn't matter if 99.9% are using unmodified code.
Also, you mentioned the following.
Let's make sure most future deployments of Vaultwarden are automatically compliant with the AGPLv3.0 license
It doesn't help adding a link for that. As explained above. Also, all versions and thus deployments of Vaultwarden are AGPLv3 from a specific point when we changed it. It has nothing to do with the web interface. So there is no point into providing that link.
It also is not mandatory to provide a link to the source code by default to comply with the license as far as i know. But I'm not a lawyer.
And there are already links to the repo in the help menu. I think that is enough in my opinion.
from bw_web_builds.
Also, Bitwarden doesn't do this either. Same for a lot of other services and tools out there which use AGPLv3 as there backend server license.
from bw_web_builds.
And. The frontend and backend are two separate applications in the (A)GPLv3 sense. It doesn't matter that we bundle this into one container image. They are still two separate software entities.
from bw_web_builds.
AFAIK, the release notes are incorrect in that if you're simply hosting an unmodified instance, there's no requirement to provide a copy of the source to users, nor is there a requirement to point them to the source repo.
However, if you have modified the source, then section 13 says that "your modified version must prominently offer [the corresponding source code to] all users interacting with it remotely through a computer network". It seems to me that the most natural place to make this prominent offer is on the web vault login page, so it would be useful for the web vault to be able to link to the repo containing the modified source.
If anyone were inclined to work on this, the simplest solution would probably be to have the web vault check the url
field returned by /api/config
, and if it's not the default, then it would add a link to that URL (which presumably contains the modified source).
from bw_web_builds.
Related Issues (20)
- GPG key used for releases package is expired HOT 2
- problem with creating new accounts in version 2022.11.1 HOT 3
- Link to 2FA recovery might not work properly HOT 2
- AGPL? HOT 3
- Unable to build on macOS HOT 2
- something off with version number
- Diagnostic page web version check HOT 1
- Would you mind offer the resources to be in the correct tree structure? HOT 1
- build web-vault v2023.5.0 patch HOT 1
- Web vault loads Ukraine hymn HOT 6
- Wrong web-vault version in diagnostic admin panel HOT 2
- Master password: input is required HOT 4
- Considering update to node 18? HOT 9
- Rethinking the web-vault repository HOT 3
- during build: Unable to resolve reference $tailwindcss HOT 7
- Remove version display on the frontpage. HOT 2
- BUG: importing json HOT 2
- how are assets created? HOT 4
- Current install instructions fail HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bw_web_builds.