[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #10009 [Tor bundles/installation]: rethink the dependencies handling of PTBB
#10009: rethink the dependencies handling of PTBB
------------------------------------------+-----------------
Reporter: infinity0 | Owner: dcf
Type: enhancement | Status: new
Priority: minor | Milestone:
Component: Tor bundles/installation | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
------------------------------------------+-----------------
Comment (by dcf):
Replying to [ticket:10009 infinity0]:
> The heavy amount of custom shell script just to get dependencies scares
me and is a maintenance liability. py2exe at least automatically includes
transitive deps in the build. I had a look at
[http://docs.python.org/2/library/modulefinder.html âmodulefinder] but it
is behaving in a weird way - for example, running my attached script on
flashproxy-client for some reason gives setuptools as a dependency. There
are also many false negatives due to conditional-imports, a feature unique
to python.
I think the main reason we copy packages individually and manually is that
we need to be careful to comply with the licenses of all the software we
ship. Usually all it takes is including a copy of their license and
copyright notice. We also, as you say, want to be careful about not
including packages that are not really needed, just for size reasons.
One way would perhaps be to use modulefinder along with hints, like py2exe
uses. Often you have to tell py2exe about specific packages to include or
exclude. We could add special guard code to check if anything got copied
in that we don't expect (that we might need a license for).
> Also, do we have some usage statics for the GNU/Linux bundles? I should
think most people use their distro's package manager for this... For Mac
OS X we have to do a custom package in any case. :(
Do you mean, are people using distro packages to run the Tor Browser
Bundle, rather than downloading the binary tarball? I think that practice
is not recommended, because Tor Browser isn't packaged, and it's dangerous
to try to hook up a different browser to Tor. There is a ticket or other
discussion somewhere about packaging Tor Browser for Debian or Ubuntu.
(Micah Lee made [https://github.com/micahflee/torbrowser-launcher a
package] that repacks the torproject.org bundles, but that's a bit
different.)
If you mean, why can't we just rely on already installed packages for some
of the dependencies of the bundle, but it also means people would have to
`apt-get install python-twisted` and a bunch of other things before using
the bundle, and would prevent you from, for example, running a copy of the
bundle from a USB drive on someone else's computer.
I don't know of any usage counts and I suspect none exist (by design). I
use the GNU/Linux bundles...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10009#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs