License is not FOSS-compatible.

[RokeJulianLockhart]

Steps To Reproduce

Attempt to compile the package to enter it into the F-Droid repository, per https://gitlab.com/fdroid/rfp/-/issues/114.

Expected Result

It should utilize a FOSS-compatible license.

Actual Result

1. sdk/LICENSE

   Lines 1 to 295 in de2a64c

   	BITWARDEN SOFTWARE DEVELOPMENT KIT LICENSE AGREEMENT
   	Version 1, 17 March 2023
   	1. Introduction
   	1.1 The Bitwarden Software Development Kit (referred to in the License Agreement
   	as the "SDK" and available for download at the following URL
   	https://github.com/bitwarden/sdk) is licensed to you subject to the terms of
   	this License Agreement. The License Agreement forms a legally binding contract
   	between you and the Company in relation to your use of the SDK.
   	1.2 "Bitwarden" means the Bitwarden software made available by the Company,
   	available for download at the following URL, as updated from time to time.
   	1.3 A "Compatible Application" means any software program or service that (i)
   	connects to and interoperates with a current version of the Bitwarden server
   	products distributed by the Company; and (ii) complies with the Company’s
   	acceptable use policy available at the following URL:
   	https://bitwarden.com/terms/#acceptable_use.
   	1.4 "Company" means Bitwarden Inc., organized under the laws of the State of
   	Delaware.
   	2. Accepting this License Agreement
   	2.1 In order to access or use the SDK, you must first agree to the License
   	Agreement. You may not access or use the SDK if you do not accept the License
   	Agreement.
   	2.2 By clicking to accept and/or accessing or using the SDK, you hereby agree to
   	the terms of the License Agreement.
   	2.3 You may not access or use the SDK and may not accept the License Agreement
   	if you are a person barred from receiving the SDK under the laws of the United
   	States or other countries, including the country in which you are resident or
   	from which you access or use the SDK.
   	2.4 If you are agreeing to be bound by the License Agreement on behalf of your
   	employer or any other entity, you represent and warrant that you have full legal
   	authority to bind your employer or such other entity to the License Agreement.
   	If you do not have the requisite authority, you may not accept the License
   	Agreement or you may not access or use the SDK on behalf of your employer or
   	other entity.
   	3. SDK License from Bitwarden
   	3.1 Subject to the terms of this License Agreement, Bitwarden grants you a
   	limited, worldwide, royalty-free, non-assignable, non-exclusive, and
   	non-sublicensable license to use the SDK solely (a) to develop, test, and
   	demonstrate a Compatible Application; (b) to develop, test, and run a Compatible
   	Application for personal use by your family; or (c) to to develop, test, and run
   	a Compatible Application for the internal business operations of your
   	organization in connection with a paid license for a Bitwarden server product,
   	provided that in no case above may the Compatible Application be offered,
   	licensed, or sold to a third party.
   	3.2 You agree that Bitwarden or third parties own all legal right, title and
   	interest in and to the SDK, including any Intellectual Property Rights that
   	subsist in the SDK. "Intellectual Property Rights" means any and all rights
   	under patent law, copyright law, trade secret law, trademark law, and any and
   	all other proprietary rights. Bitwarden reserves all rights not expressly
   	granted to you.
   	3.3 You may not use this SDK to develop applications for use with software other
   	than Bitwarden (including non-compatible implementations of Bitwarden) or to
   	develop another SDK.
   	3.4 You may not use the SDK for any purpose not expressly permitted by the
   	License Agreement. Except for contributions to Bitwarden pursuant to the
   	Contribution License Agreement available at this URL:
   	https://cla-assistant.io/bitwarden/clients, or to the extent required by
   	applicable third party licenses, you may not copy modify, adapt, redistribute,
   	decompile, reverse engineer, disassemble, or create derivative works of the SDK
   	or any part of the SDK.
   	3.5 Use, reproduction, and distribution of a component of the SDK licensed under
   	an open source software license are governed solely by the terms of that open
   	source software license and not the License Agreement.
   	3.6 You agree that the form and nature of the SDK that the Company provides may
   	change without prior notice to you and that future versions of the SDK may be
   	incompatible with applications developed on previous versions of the SDK. You
   	agree that the Company may stop (permanently or temporarily) providing the SDK
   	or any features within the SDK to you or to users generally at the Company’s
   	sole discretion, without prior notice to you.
   	3.7 Nothing in the License Agreement gives you a right to use any of the
   	Company’s trade names, trademarks, service marks, logos, domain names, or other
   	distinctive brand features.
   	3.8 You agree that you will not remove, obscure, or alter any proprietary rights
   	notices (including copyright and trademark notices) that may be affixed to or
   	contained within the SDK.
   	4. Use of the SDK by You
   	4.1 The Company agrees that it obtains no right, title, or interest from you (or
   	your licensors) under the License Agreement in or to any software applications
   	that you develop using the SDK, including any Intellectual Property Rights that
   	subsist in those applications.
   	4.2 You agree to use the SDK and write applications only for purposes that are
   	permitted by (a) the License Agreement and (b) any applicable law, regulation or
   	generally accepted practices or guidelines in the relevant jurisdictions
   	(including any laws regarding the export of data or software to and from the
   	United States or other relevant countries).
   	4.3 You agree that if you use the SDK to develop applications for other users,
   	you will protect the privacy and legal rights of those users. If the users
   	provide you with user names, passwords, or other login information or personal
   	information, you must make the users aware that the information will be
   	available to your application, and you must provide legally adequate privacy
   	notice and protection for those users. If your application stores personal or
   	sensitive information provided by users, it must do so securely. If the user
   	provides your application with Bitwarden Account information, your application
   	may only use that information to access the user's Bitwarden Account when, and
   	for the limited purposes for which, the user has given you permission to do so.
   	4.4 You agree that you will not engage in any activity with the SDK, including
   	the development or distribution of an application, that interferes with,
   	disrupts, damages, or accesses in an unauthorized manner the servers, networks,
   	or other properties or services of any third party including, but not limited
   	to, the Company, or any mobile communications carrier or public cloud service.
   	4.5 If you use the SDK to retrieve a user's data from Bitwarden, you acknowledge
   	and agree that you shall retrieve data only with the user's explicit consent and
   	only when, and for the limited purposes for which, the user has given you
   	permission to do so.
   	4.6 You agree that you are solely responsible for, and that the Company has no
   	responsibility to you or to any third party for, any data, content, or resources
   	that you create, transmit or display through Bitwarden and/or applications for
   	Bitwarden, and for the consequences of your actions (including any loss or
   	damage which Bitwarden may suffer) by doing so.
   	4.7 You agree that you are solely responsible for, and that the Company has no
   	responsibility to you or to any third party for, any breach of your obligations
   	under the License Agreement, any applicable third party contract or Terms of
   	Service, or any applicable law or regulation, and for the consequences
   	(including any loss or damage which the Company or any third party may suffer)
   	of any such breach.
   	5. Third Party Applications
   	5.1 If you use the SDK to integrate or run applications developed by a third
   	party or that access data, content or resources provided by a third party, you
   	agree that the Company is not responsible for those applications, data, content,
   	or resources. You understand that all data, content or resources which you may
   	access through such third party applications are the sole responsibility of the
   	person from which they originated and that the Company is not liable for any
   	loss or damage that you may experience as a result of the use or access of any
   	of those third party applications, data, content, or resources.
   	5.2 You should be aware that the data, content, and resources presented to you
   	through such a third party application may be protected by intellectual property
   	rights which are owned by the providers (or by other persons or companies on
   	their behalf). You acknowledge that your use of such third party applications,
   	data, content, or resources may be subject to separate terms between you and the
   	relevant third party. In that case, the License Agreement does not affect your
   	legal relationship with these third parties.
   	6. Use of Bitwarden Server
   	You acknowledge and agree that the Bitwarden server products to which any
   	Compatible Application must connect is protected by intellectual property rights
   	which are owned by the Company and your use of the Bitwarden server products is
   	subject to additional terms not set forth in this License Agreement.
   	7. Terminating this License Agreement
   	7.1 The License Agreement will continue to apply until terminated by either you
   	or the Company as set out below.
   	7.2 If you want to terminate the License Agreement, you may do so by ceasing
   	your use of the SDK and any relevant developer credentials.
   	7.3 The Company may at any time, terminate the License Agreement with you if:
   	(a) you have breached any provision of the License Agreement; or
   	(b) the Company is required to do so by law; or
   	(c) a third party with whom the Company offered certain parts of the SDK to you
   	has terminated its relationship with the Company or ceased to offer certain
   	parts of the SDK to either the Company or to you; or
   	(d) the Company decides to no longer provide the SDK or certain parts of the SDK
   	to users in the country in which you are resident or from which you use the
   	service, or the provision of the SDK or certain SDK services to you by the
   	Company is, in the Company’'s sole discretion, no longer commercially viable or
   	technically practicable.
   	7.4 When the License Agreement comes to an end, all of the legal rights,
   	obligations and liabilities that you and the Company have benefited from, been
   	subject to (or which have accrued over time whilst the License Agreement has
   	been in force) or which are expressed to continue indefinitely, shall be
   	unaffected by this cessation, and the provisions of paragraph 12.8 shall
   	continue to apply to such rights, obligations and liabilities indefinitely.
   	8. NO SUPPORT
   	The Company is not obligated under this License Agreement to provide you any
   	support services for the SDK. Any support provided is at the Company’s sole
   	discretion and provided on an "as is" basis and without warranty of any kind.
   	9. DISCLAIMER OF WARRANTIES
   	9.1 YOU EXPRESSLY UNDERSTAND AND AGREE THAT YOUR USE OF THE SDK IS AT YOUR SOLE
   	RISK AND THAT THE SDK IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF
   	ANY KIND FROM Bitwarden.
   	9.2 YOUR USE OF THE SDK AND ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED
   	THROUGH THE USE OF THE SDK IS AT YOUR OWN DISCRETION AND RISK AND YOU ARE SOLELY
   	RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR OTHER DEVICE OR LOSS OF
   	DATA THAT RESULTS FROM SUCH USE.
   	9.3 THE COMPANY FURTHER EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS OF ANY
   	KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED
   	WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
   	AND NON-INFRINGEMENT.
   	10. LIMITATION OF LIABILITY
   	YOU EXPRESSLY UNDERSTAND AND AGREE THAT THE COMPANY, ITS SUBSIDIARIES AND
   	AFFILIATES, AND ITS LICENSORS SHALL NOT BE LIABLE TO YOU UNDER ANY THEORY OF
   	LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL,
   	STATUTORY, OR EXEMPLARY DAMAGES THAT MAY BE INCURRED BY YOU, INCLUDING ANY LOSS
   	OF DATA, WHETHER OR NOT THE COMPANY OR ITS REPRESENTATIVES HAVE BEEN ADVISED OF
   	OR SHOULD HAVE BEEN AWARE OF THE POSSIBILITY OF ANY SUCH LOSSES ARISING.
   	11. Indemnification
   	To the maximum extent permitted by law, you agree to defend, indemnify and hold
   	harmless the Company, its affiliates and their respective directors, officers,
   	employees and agents from and against any and all claims, actions, suits or
   	proceedings, as well as any and all losses, liabilities, damages, costs and
   	expenses (including reasonable attorneys fees) arising out of or accruing from
   	(a) your use of the SDK, (b) any application you develop on the SDK that
   	infringes any copyright, trademark, trade secret, trade dress, patent or other
   	intellectual property right of any person or defames any person or violates
   	their rights of publicity or privacy, and (c) any non-compliance by you with the
   	License Agreement.
   	12. General Legal Terms
   	12.1 The Company may make changes to the License Agreement as it distributes new
   	versions of the SDK. When these changes are made, the Company will make a new
   	version of the License Agreement available on the website where the SDK is made
   	available.
   	12.2 The License Agreement constitutes the whole legal agreement between you and
   	the Company and governs your use of the SDK (excluding any services or software
   	which the Company may provide to you under a separate written agreement), and
   	completely replaces any prior agreements between you and the Company in relation
   	to the SDK.
   	12.3 You agree that if the Company does not exercise or enforce any legal right
   	or remedy which is contained in the License Agreement (or which the Company has
   	the benefit of under any applicable law), this will not be taken to be a formal
   	waiver of the Company's rights and that those rights or remedies will still be
   	available to the Company.
   	12.4 If any court of law, having the jurisdiction to decide on this matter,
   	rules that any provision of the License Agreement is invalid, then that
   	provision will be removed from the License Agreement without affecting the rest
   	of the License Agreement. The remaining provisions of the License Agreement will
   	continue to be valid and enforceable.
   	12.5 You acknowledge and agree that each member of the group of companies of
   	which the Company is the parent shall be third party beneficiaries to the
   	License Agreement and that such other companies shall be entitled to directly
   	enforce, and rely upon, any provision of the License Agreement that confers a
   	benefit on them or rights in favor of them. Other than this, no other person or
   	company shall be third party beneficiaries to the License Agreement.
   	12.6 EXPORT RESTRICTIONS. THE SDK IS SUBJECT TO UNITED STATES EXPORT LAWS AND
   	REGULATIONS. YOU MUST COMPLY WITH ALL DOMESTIC AND INTERNATIONAL EXPORT LAWS AND
   	REGULATIONS THAT APPLY TO THE SDK. THESE LAWS INCLUDE RESTRICTIONS ON
   	DESTINATIONS, END USERS, AND END USE.
   	12.7 The rights granted in the License Agreement may not be assigned or
   	transferred by either you or the Company without the prior written approval of
   	the other party, provided that the Company may assign this License Agreement
   	upon notice to you in connection with an acquisition, merger, sale of assets, or
   	similar corporate change in control for the Company or the Intellectual Property
   	Rights in the SDK.
   	12.8 The License Agreement, and any dispute relating to or arising out of this
   	License Agreement, shall be governed by the laws of the State of California
   	without regard to its conflict of laws provisions. You and the Company agree to
   	submit to the exclusive jurisdiction of the courts located within the county of
   	Los Angeles, California to resolve any dispute or legal matter arising from the
   	License Agreement. Notwithstanding this, you agree that the Company shall be
   	allowed to apply for injunctive remedies, or any equivalent type of urgent legal
   	relief, in any forum or jurisdiction.

2. https://gitlab.com/fdroid/rfp/-/issues/114#note_1995138172:~:text=Given%20that%20Bitwarden%20SDK%20is%20not%20FOSS%20Bitwarden%20can't%20be%20included states:

   Given that Bitwarden SDK is not FOSS Bitwarden can't be included.

Screenshots or Videos

No response

Additional Context

No response

Operating System

Linux

Operating System Version

cpe:/o:fedoraproject:fedora:40, from https://download.fedoraproject.org/pub/fedora/linux/releases/40/Spins/x86_64/iso/Fedora-KDE-Live-x86_64-40-1.14.iso

Build Version

https://github.com/bitwarden/sdk/blob/de2a64c10b1e37091adc9eb419e5dc19c6c23971/

Issue Tracking Info

• I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

[kspearrin]

There are no plans to adjust the SDK license at this time. We will continue to publish to our own F-Droid repo at https://mobileapp.bitwarden.com/fdroid/repo/

[hobbes]

woah, that probably means that the whole bitwarden suite is not really open source...

[RokeJulianLockhart]

#898 (comment)

@kspearrin, indeed - there are evidently no plans, hence the issue. This is fairly significant, considering how much of your user base value the fact that BW is FOSS.

#898 (comment)

@hobbes, I've filed an FR at https://community.bitwarden.com/t/bitwarden-is-not-foss/69734/1?u=rokejulianlockhart#:~:text=Bitwarden%20is%20not%20FOSS.

[bt4ibwem8]

There are no plans to adjust the SDK license at this time. We will continue to publish to our own F-Droid repo at https://mobileapp.bitwarden.com/fdroid/repo/

Why you do not want to change the SDK licence?

[nvllsvm]

There are no plans to adjust the SDK license at this time. We will continue to publish to our own F-Droid repo at https://mobileapp.bitwarden.com/fdroid/repo/

Thank you for continuing to publish those. It's one of the reason why I initially embraced Bitwarden.

---

Section 3.3 is particularly concerning. There's ambiguity on whether Vaultwarden would be considered an implementation of Bitwarden.

Additionally, regardless of whether it is or isn't - section 3.3 forbids use of this SDK if Vaultwarden were to no longer be considered an implementation of Bitwarden.

 1.2 "Bitwarden" means the Bitwarden software made available by the Company, 
 available for download at the following URL, as updated from time to time. 
  
 1.3 A "Compatible Application" means any software program or service that (i) 
 connects to and interoperates with a current version of the Bitwarden server 
 products distributed by the Company; and (ii) complies with the Company’s 
 acceptable use policy available at the following URL: 
 https://bitwarden.com/terms/#acceptable_use. ```

...
 
 3.3 You may not use this SDK to develop applications for use with software other 
 than Bitwarden (including non-compatible implementations of Bitwarden) or to 
 develop another SDK. 

[yikerman]

woah, that probably means that the whole bitwarden suite is not really open source...

@hobbes It doesn't mean it's not open-source. It makes Bitwarden not free-as-in-speech.

[RokeJulianLockhart]

#898 (comment)

@Xiaoyu2006, the more accurate term for this repository would be “source available”, in contrast to “source unavailable”. Any additional distinctions like “open source” or “closed source” unfortunately differ in definition from situation to situation.

Irrespective, ultimately, what we want from this issue is for BW to become FOSS, which means that its source code can be reused for any purpose (whether the author mandates accreditation or not) as https://fsfe.org/freesoftware/comparison.en.html#:~:text=Free%20Software%2C%20Open%20Source%2C%20FOSS%2C%20FLOSS%20%2D%20same%20but%20different explains.

Consequently, a discussion of semantics isn't particularly useful, although I'm thankful for the specification.

[xlionjuan]

bitwarden/clients#11611
From Bitwarden's response, we can tell that they are willing to suppress freedom of speech at all costs in order to keep the software closed-source.

[RokeJulianLockhart]

Unfortunately, misconceptions appear to abound here. In retrospect, the premise of this issue that I created is included. Hopefully the undermentioned quotations at least provide some clarity:

1. Comment #1

   Hi, Thanks for sharing your concerns here. We have been progressing use of our SDK in more use cases for our clients. However, our goal is to make sure that the SDK is used in a way that maintains GPL compatibility.

   1. the SDK and the client are two separate programs
   2. code for each program is in separate repositories
   3. the fact that the two programs communicate using standard protocols does not mean they are one program for purposes of GPLv3

   Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug.

2. Comment #2

   Everything that we do has not been open source for many years now. We have several business/enterprise products that we sell under a proprietary source available license. Essentially an open core model. We have no plans to change that strategy.

I understand this rationale, to an extent:

Comment #3

People here are thinking this is going closed source, which is not the case. "Free software" is a very specific thing that usually means a permissive (ex: BSD) or 'copyleft' (GPL-like) license. You can still look through the code and find vulnerabilities. You can still download the code and compile it. What you have lost is distributing forks.

This usually means they are afraid of competitors essentially cloning their technology or their concerned about their identity (name, trademark, etc) being used in products they don't have any control over and could create negative publicity. The last thing you'd want is someone from some corner of the world releasing something like a Bitwarden-compatible server that steals your passwords. Mozilla has had the same concerns about Firefox for a long time, though they simply restricted use of the name if built not to Mozilla's spec.

However, to have such an important dependency of otherwise entirely FOS software be non-FOSS appears disingenuous when the advertisements explicitly state not that the software adheres to the GPLv3, but that it's FOSS. Bitwarden can utilize the legal definition instead, but to advertise software as FOSS when it's at best solely so in a technically legal sense shan't be thought of well by those who learn of it.

I dare say that BW may have to cope with the Streissand effect from now onward.

Lastly, I suggest that everyone subscribed here at least upvote the undermentioned response to the last aforementioned comment, so that we might gain some more clarity:

Comment #2.1

Would making the SDK also follow the GPL both alleviate everyone's concerns, while still allowing bitwarden to reserve it's rights with the source available license for enterprise products?

[sastromo]

@RokeJulianLockhart thanks for the clarification!
(I removed my previous comment that was clearly based on wrong assumptions)

[My1]

is there no way to keep clients without the SDK as has been done all the time so they can be fully open source without needing this source available extra thing that makes some things kinda annoying?

[RokeJulianLockhart]

#898 (comment)

@My1, it's certainly possible if someone forks the client soon, and maintains that fork. Considering that the PR to implement the SDK was recent, I would be very surprised if the major refactor to implement the SDK's methods (replacing existent methods) couldn't be undone without losing near feature parity. However, the longer that the last commit without the SDK is left without maintenance in a fork, the more difficult that it becomes to revive it.

Without a maintained fork soon, anyone who wishes to create a client that doesn't use the SDK may realize that it might be more trivial to write an entirely new client with a cross-platform language (like .NET Framework via C#, Java, or Python 3) and GUI toolkit (like Qt 6).

[distransient]

There are no plans to adjust the SDK license at this time. We will continue to publish to our own F-Droid repo at https://mobileapp.bitwarden.com/fdroid/repo/

You've effectively made it impossible for third parties to distribute any derivatives of your own GPL'd repositories which depend on the SDK code, especially where its contents have been obfuscated, according to the GPL (Section 1):

The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.

Continued (Section 6):

You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:

You cannot have your cake and eat it, do you want to release open source software or not? Historically, software that tries to sit on the fence in the middle has for the most part not endured, usually being superseded by software written under less bizarre models. In this case, there is not even a difficult to get past hardware dependence for these programs, which can easily be replaced readily with already existing, truly open alternatives. I at least know I shouldn't stake my own confidence in those who are unsure what they even want to happen with derivatives of their software.

[julian-klode]

As Bitwarden has combined this work with the client applications into a combined work said to be distributed under the GPL-3, the license terms on the SDK as part of the clients corresponding source must be considered further restrictions as defined in the GPL, and as such the license is null and void as per section 7:

If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term

[RokeJulianLockhart]

#898 (comment)

@julian-klode, have you read this comment by a developer involved, as aforecited? I ask because it appears to contradict what you have stated.

[julian-klode]

The claim is rather absurd. While ultimately that's for judges to decide and I don't know precedent, the intent of the license is to allow two programs to communicate over standard interfaces without both needing to be GPL. Make no mistake, this is not what happens here, the SDK is directly embedded and called in shared memory, so as is the common understanding (and this is a very common case, to import one module into another) they constitute a combined work.

You can find a detailed explainer in

https://www.gnu.org/licenses/gpl-faq.en.html#MereAggregation

[My1]

If the are truly Seperate programs it's be a pretty weird architecture as the program needs a like api or whatever to connect to thw sdk which then in turn connects to the server, seems a very intentional thing to me.

If it's just linked as a dll or whatever GPL's infecting iirc might get fun again

[TheScreechingBagel]

woah, that probably means that the whole bitwarden suite is not really open source...

@hobbes It doesn't mean it's not open-source. It makes Bitwarden not free-as-in-speech.

the most commonly accepted definition for "open source" is the OSI OSD, which, similar to the FSF Free Software Definition, requires the freedom to (re)distribute derived works:
https://opensource.org/osd
Licensing not meeting these basic criteria should not in good faith be called "open source"

[RokeJulianLockhart]

#898 (comment)

@kspearrin, I forgot to mention this earlier, but this issue should be closed as "unplanned", not https://github.com/bitwarden/sdk/issues?q=reason%3Acompleted.

[RokeJulianLockhart]

#898 (comment)

The mobile client is again suitable for inclusion in F-Droid, per https://gitlab.com/fdroid/rfp/-/issues/114#note_cf629f7d0a0499cc0e57963e883018da5bfcc712. Shall hide #898 (comment) as resolved.

Specifically, bitwarden/clients#11611 (comment) states (formatting-modified):

We have made some adjustments to how the SDK code is organized and packaged to allow you to build and run the app with only GPL/OSI licenses included. The sdk-internal package references in the clients now come from a new sdk-internal repository, which follows the licensing model we have historically used for all of our clients (see LICENSE_FAQ.md for more info). The sdk-internal reference only uses GPL licenses at this time. If the reference were to include Bitwarden License code in the future, we will provide a way to produce multiple build variants of the client, similar to what we do with web vault client builds.

The original sdk repository will be renamed to sdk-secrets, and retains its existing Bitwarden SDK License structure for our Secrets Manager business products. The sdk-secrets repository and packages will no longer be referenced from the client apps, since that code is not used there.

Summarily, solely this repository's contents – the secrets portion of the SDK – should now be non-FOSS, and are packaged separately to the rest of the SDK, which none of the clients reference anymore, consequently.

An important improvement. Of course, if I've interpreted that comment correctly.

Crossposted to https://community.bitwarden.com/t/bitwarden-is-not-foss/69734/2?u=rokejulianlockhart#:~:text=rokejulianlockhart:-,Bitwarden%20isn%E2%80%99t%20FOSS%2C%20because%20the,I%E2%80%99ve%20interpreted%20that%20comment%20correctly.,-Reply.