On Wed, 2006-05-10 at 06:09 -0700, Eric H. Jung wrote: > Perhaps this has already been made clear to others, but it's becoming > more apparent to me that Torpark is an installer/configuration script. > IOW, there *is* no other source code unique to Torpark except the NSI > installation script. Perhaps when people download the tarball and see > only the NSI and an INI file, they think that they're being cheated > (i.e., where's the C/C++, python, java, or php code?) > > Steve: Are you still interested in bundling FoxyProxy with Torpark? It's perhaps important to describe what you're talking about. Torpark is a single executable binary (Torpark.exe). When run, it expands and creates a folder with Firefox, Tor, various plugins and some other files. That isn't the issue here. That in itself is a pretty neat idea and kudos to the person who came up with such a grand idea. It seems like when done correctly, it's a powerful tool. What seems to be the root of the issue is the so called "source" tarball. Namely, the above binary distributes Portable Firefox, Firefox, Tor and some various plugins. The source tarball (source_torpark_1.5.0.2b.tar) contains these files: Torpark.gif TORPARK_LICENSE.doc FIREFOX_LICENSE.doc Torpark.ico Torpark.nsi PORTABLEFF_LICENSE.doc Torpark.ini It is not enough to merely link the front page of Torpark to the websites of the other software. The source tarball should probably include at the least a copy of the tor license. The other software may or may not need a source code mirror depending on build information. As there is currently no information on how the build was created. I know that it uses the Nullsoft installer but I don't know how the included tor binaries or the firefox binaries were built and packaged before the Nullsoft installer packaged it. Without that information and without including the licenses, it seems rude. It's fishy at best. It doesn't help when the author makes statements like this: "With the NSI file, and providing a gif image for the splash screen, it will fully compile Torpark.exe. I can provide the torpark splash screen image, but you might not be able to get the same hash because NSIS compiler has different compressions. I believe the one I used was LMZ Solid." ( as taken from a small thread on bb http://www.boingboing.net/2006/05/09/torpark_anonymizing_.html ) So if we're told how the build environment is created, we still might get different checksums? Huh? -- Jake Appelbaum <jacob@xxxxxxxxxxxxx>
Attachment:
signature.asc
Description: This is a digitally signed message part