Bitwarden should manage its Flathub application

Flatpak is a packaging system for Linux and is one of the most popular and preferred ways of installing apps. Flathub is a repository for Flatpaks and while Flatpaks are not exclusive to Flathub, most applications available as Flatpaks can be found there. Many popular Linux distros such as Pop!_OS and Linux Mint have the Flathub repository included and enabled by default and most Linux users will add it themselves if it is not already installed on their distro. Flathub currently has an unofficial Bitwarden app maintained by community members. I believe this poses a serious security risk and Bitwarden should take over development themselves. There are currently 1000s of Linux users using the Flathub version without realizing that it is community maintained and unofficial. So the benefits of Bitwarden having an official Flatpak are:

  1. It would give Linux users another easy and convenient way to install Bitwarden, especially since many Linux users prefer Flatpaks over other distribution methods.

  2. It would protect the many Linux users currently using Bitwarden from Flathub without knowing the risks.

Flathub encourages developers to maintain their own applications and all Bitwarden would have to do is contact Flathub to discuss transfer of ownership.

Completely agree. I was wondering if the Flatpak one was official or not, I googled it and found this. I’ve just registered an account for voting on this. Thought Manjaro community and AUR should be on the radar as well.

6 Likes

Although the AppImage can fit all, it may still be frustrating, i.e. putting the AppImage icon on a dock bar on Gnome could be more complex than just downloading from a store.

3 Likes

I feel more comfortable if Bitwarden officially manages the Flathub version. Plus many Linux users prefer Flatpaks over Snaps anyways.

38 Likes

Exactly this - thank you for the OP @Fedora clear post - it’s a no-brainer to me

1 Like

Agreed, this would be good as many people do not want to have to deal with Snap packages. Would decrease the risk of the maintainer adding malicious code.

5 Likes

Voted in agreement. This should definitely be done as most GNU/Linux users despise Snaps for a variety of reasons. You’ll probably be able to see some more recent examples of the dislike of Snap with the recent Ubuntu 22.04 release as an example since Firefox is no longer a native package; instead, it’s the Snap package, even if you try to install it via apt.

1 Like

Also created an account just to vote on this!

6 Likes

I joined just to chime in.

A Flatpak or Snap is the wrong answer. They need to release mainline RPMs / DEBs.

Any software that manages passwords shouldn’t be installed in a way that it will most likely miss the security updates. Yes, Flatpaks are easier than Snaps, but they both suffer from being easy ways to install software that then never gets updated.

3 Likes

They do have native packages available already, which aren’t able to be automatically updated. This thread is to have the Bitwarden developers (8bit Solutions, LLC) take over maintainership of the Flatpak package that already exists on Flathub, as they already officially maintain the Snap package. It’s more secure to use the Flatpak than it is to use the current native packages being that you don’t have to manually update - though they could use Copr for an RPM repo if they really wanted to enable automatic RPM updates.

I don’t know about RPM, but I am pretty sure Bitwarden does not maintain an apt repository for deb packages. If they did, which is what @Edwin_Buck has suggested, then one could easily auto-update Bitwarden (e.g., on Debian/Ubuntu, use unattended-updates). I despise both Snap and Flatpak packages because they cannot be updated as frequently as native packages.

Hello! I just wanted to put in my two cents! I have used Bitwarden for a while and I am very happy with it. For me, the Flatpak app has been really useful for keeping my Linux instances of Bitwarden updated. It would be very appreciated if it was officially maintained.

Keep up the great work!

They don’t maintain repositories, but they do release DEB and RPM packages. You have to click on ‘More desktop installation options’ on the Download page to reveal it, but neither of them automatically update (side-note: I don’t like that the native packages are hidden like that really either, but that’s another conversation for a different day).

I’m confused on what you mean by Flatpaks and Snaps can’t be updated as frequently. Can you clarify that, please?

Under the current system, there is no way to automate the update of BW deb packages. If there was an official apt repository maintained by Bitwarden, this would be a piece of cake to accomplish, and you could enable your system to upgrade as soon as a new release was published.

As I am sure you are aware, Flatpak and Snap packages are notoriously slow to integrate updates. If you want to ensure that your machine is always running the most up-to-date version of Bitwarden or other software, a developer-maintained apt repository is the best solution, as @Edwin_Buck has already mentioned above.

My understanding was just that they just wanted DEB and RPM packages. If they wanted repositories, I’m in full support of that as well (my previous mention of Copr would be my recommendation here for the RPM side at the very least) - but I still believe that they should take over official maintainership of the Flatpak package in either case.

I’m not really sure of the claim regarding the slower updates because my Flatpaks update regularly. GNOME Software automatically handles it due to the integration, so as an end-user, I’ve not really noticed updates being slow (I also run Fedora 35, if that matters).

That being said, I don’t see why we can’t have both options - official repos for native packages and them taking over official maintainership of the Flatpak on Flathub.

1 Like

I’d like to see official Bitwarden management of the Flatpak version as well. I’m on a Premium Individual plan, so I’m one of those big $10/year spenders.

But FWIW, I’m a Bitwarden user and customer because of your strong Linux support.

Thanks!

4 Likes

I’m a user of the Flatpak version of Bitwarden on Fedora. If Bitwarden could manage the Flatpak themselves, it would be great.

So did I. Kind of surprised that the flatpak version wasn’t official already.

This is untrue, Flatpaks push updates very quickly, I am a Flatpak maintainer myself. It takes 3 hours for users to receive updates. See https://www.reddit.com/r/rotp/comments/sxx9bz/remnants_of_the_precursors_ubuntu_installation/ for example.

See App Maintenance · flathub/flathub Wiki · GitHub for documentation on this.

2 Likes

Created an account just so I could vote for this! Love Bitwarden, but won’t use the Flathub version until it’s made official. :crossed_fingers: