Open-source information - how open source is it

Bitwarden is advertised as open source. However, many features are not available in the free version, e.g. MFA. There are other password managers advertised as open source, but when looked at more closely only the free version is open source, and the paid versions are not (or some features are not open source). A couple of questions:

  1. Is all source code available for review, including for the features that are not available for the free version?

  2. Am I able to compile my own client executable from source for the paid versions and, if yes, will that yield the same byte code as the executables available for download from Bitwarden?

All the Bitwarden clients and the server code is open source. This includes the premium features. The source code is available on Bitwarden · GitHub

Yes

1 Like

Thanks for answering. That’s nice.

“Yes” to both questions (byte code included) or “yes and no”? I’m aware it depends on compiler version etc but I’m interested in reproducing the same byte code when using the same compiler (and same statically linked libraries, if any)

Out of curiosity, has anyone on this forum compiled their own version to confirm?

I don’t know the technical details. Sorry.

Hi @bitbar it’s all there in the link @vachan provided. Have a look at the README.md and SETUP.md (if present) of the specific repository. The builds get executed via Github Workflows, which are also included in the repositories (.github/workflows/build.yml).

Kind regards
Daniel

3 Likes

Bitwarden is winning me over. I may even contribute - I noticed you have a section about Github contributions. I’m interested in adding separate protection to TOTP codes to secure against attacks where someone gets access to the vault passwords, e.g. someone snatching the phone after I opened the vault (low likelihood notwithstanding).

3 Likes

Thanks @bitbar - feel free to start a topic for your contribution!