Link to Vaultwarden Github repository in footer about bw_web_builds HOT 11 CLOSED

If it doesn't break anything we should also add
<meta name="referrer" content="no-referrer" />

This would help privacy concerns if you accidentally click the hyperlink.

This might affect the "Launch" button when visiting a URI from an item but possibly in a positive way.
This could stop websites from knowing where a Vaultwarden instance is located.

from bw_web_builds.

from bw_web_builds.

Adding a hyperlink anywhere doesn't enforce any license.
Also, the web-vault isn't AGPLv3, but GPLv3.

The server is AGPLv3, but has little to do with the web-vault.
If we should put any license on the web-vault pages at all then we would need to use GPLv3, and point it to Bitwarden.

from bw_web_builds.

I know this repository is not under AGPLv3 and I don't want to change that.

Referencing a snippet of the 1.28.0 changelog notes

If you simply use our code without modifications, just pointing them to this repository is enough.

The hyperlink would satisfy this automatically afaik.

Additionally the footer on the web-vault reads

Vaultwarden (unofficial Bitwarden® server) Version 2023.3.0

It doesn't mention the web-vault but the actual server.

If you're running the API only then this would not apply, but I assume most deployments are using this web-vault alongside the API.

from bw_web_builds.

Adding that link here in this repo doesn't imply anything has changed on the server side, so that doesn't satisfy anything actually.
I can modify the code on the server and still use this web-vault base which then would point to the Vaultwarden project and give false info.

The main reason we have put Vaultwarden there is to prevent confusions with users reporting issues at Bitwarden instead of going to Vaultwarden. That was happening a lot. And i think it's less now.

from bw_web_builds.

I edited some language above to make sure we're all on the same page.

I don't expect this to satisfy distribution and copyleft licensing when the source has changed.

I again assume most deployments of Vaultwarden have no modifications to the Vaultwarden source code.

I currently use the Vaultwarden without modifying the source.

If you simply use our code without modifications, just pointing them to this repository is enough.

When you go to consume the Vaultwarden API over this web-vault you would automatically be pointed towards the Vaultwarden repository. The current footer doesn't satisfy this afaik, but a hyperlink to the repository would.

Again, this is quite limited in scope of being compliant but I think it would cover most future use cases of Vaultwarden.

I apologize if there's something I'm not understanding here.

from bw_web_builds.

I think the method of delivery here is a bit irrelevant. If someone communicated with the Vaultwarden API over email and you signed every response email with a link to the Vaultwarden API it would most likely satisfy this. The email has nothing to do with AGPLv3 or Vaultwarden. I'm not sure how thorough this has to be though according to AGPLv3. I think a simple hyperlink on this web-vault would show due diligence in respecting the AGPLv3 license of Vaultwarden since the "default deployment" of the Vaultwarden docker image ships with this web-vault.

Sorry for the email spam, I try to include as much as I can.

from bw_web_builds.

I think i understand you just fine no problem.

The text

If you simply use our code without modifications, just pointing them to this repository is enough.

Doesn't imply to always have a link needed to point to anything.
Just when someone requests the source of the server when unmodified you can use the main project repo.

Also, again, adding a link at the footer here in this repo by default isn't something useful into ensuring the server is unmodified. Also, people could still use the artifacts from this repo, or build it them self, and not change or remove that link, while still modifying the server code. It doesn't matter if 99.9% are using unmodified code.

Also, you mentioned the following.

Let's make sure most future deployments of Vaultwarden are automatically compliant with the AGPLv3.0 license

It doesn't help adding a link for that. As explained above. Also, all versions and thus deployments of Vaultwarden are AGPLv3 from a specific point when we changed it. It has nothing to do with the web interface. So there is no point into providing that link.
It also is not mandatory to provide a link to the source code by default to comply with the license as far as i know. But I'm not a lawyer.

And there are already links to the repo in the help menu. I think that is enough in my opinion.

from bw_web_builds.

Also, Bitwarden doesn't do this either. Same for a lot of other services and tools out there which use AGPLv3 as there backend server license.

from bw_web_builds.

And. The frontend and backend are two separate applications in the (A)GPLv3 sense. It doesn't matter that we bundle this into one container image. They are still two separate software entities.

from bw_web_builds.

AFAIK, the release notes are incorrect in that if you're simply hosting an unmodified instance, there's no requirement to provide a copy of the source to users, nor is there a requirement to point them to the source repo.

However, if you have modified the source, then section 13 says that "your modified version must prominently offer [the corresponding source code to] all users interacting with it remotely through a computer network". It seems to me that the most natural place to make this prominent offer is on the web vault login page, so it would be useful for the web vault to be able to link to the repo containing the modified source.

If anyone were inclined to work on this, the simplest solution would probably be to have the web vault check the url field returned by /api/config, and if it's not the default, then it would add a link to that URL (which presumably contains the modified source).

from bw_web_builds.