[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Re[2]: TorPark mentioned on BoingBoing



On Wed, 2006-05-10 at 06:09 -0700, Eric H. Jung wrote:
> Perhaps this has already been made clear to others, but it's becoming
> more apparent to me that Torpark is an installer/configuration script.
> IOW, there *is* no other source code unique to Torpark except the NSI
> installation script. Perhaps when people download the tarball and see
> only the NSI and an INI file, they think that they're being cheated
> (i.e., where's the C/C++, python, java, or php code?)
> 
> Steve: Are you still interested in bundling FoxyProxy with Torpark?

It's perhaps important to describe what you're talking about.

Torpark is a single executable binary (Torpark.exe).

When run, it expands and creates a folder with Firefox, Tor, various
plugins and some other files.

That isn't the issue here. That in itself is a pretty neat idea and
kudos to the person who came up with such a grand idea. It seems like
when done correctly, it's a powerful tool.

What seems to be the root of the issue is the so called "source"
tarball. Namely, the above binary distributes Portable Firefox, Firefox,
Tor and some various plugins.

The source tarball (source_torpark_1.5.0.2b.tar) contains these files:
Torpark.gif  TORPARK_LICENSE.doc FIREFOX_LICENSE.doc Torpark.ico
Torpark.nsi PORTABLEFF_LICENSE.doc Torpark.ini

It is not enough to merely link the front page of Torpark to the
websites of the other software. The source tarball should probably
include at the least a copy of the tor license. The other software may
or may not need a source code mirror depending on build information.

As there is currently no information on how the build was created. I
know that it uses the Nullsoft installer but I don't know how the
included tor binaries or the firefox binaries were built and packaged
before the Nullsoft installer packaged it.

Without that information and without including the licenses, it seems
rude. It's fishy at best.

It doesn't help when the author makes statements like this:

"With the NSI file, and providing a gif image for the splash screen, it
will fully compile Torpark.exe. I can provide the torpark splash screen
image, but you might not be able to get the same hash because NSIS
compiler has different compressions. I believe the one I used was LMZ
Solid."
( as taken from a small thread on bb 
http://www.boingboing.net/2006/05/09/torpark_anonymizing_.html )

So if we're told how the build environment is created, we still might
get different checksums? Huh?

-- 
Jake Appelbaum <jacob@xxxxxxxxxxxxx>

Attachment: signature.asc
Description: This is a digitally signed message part