Opened 13 months ago

Last modified 12 months ago

#32024 new defect

In tor-android-services, document where the code we imported comes from

Reported by: boklm Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile
Cc: sisbell Actual Points:
Parent ID: #32069 Points:
Reviewer: Sponsor:


In tor-android-service, we have commit 36f9873ff075253f4c1c9e394c91031fd4ba9d4a which is adding a bunch of code:

However it seems that this code has been taken from various other places, but there is no indication of where.

Ideally we would have kept history of the projects we imported code from (for example with git filter-branch), or just used sub-modules if we did not modify them. But since we didn't do that, I think we should at least put somewhere the information about where all the code we include comes from.

For example the jsocksAndroid directory seems to be imported from or maybe, but there is no indication of that, or which commit was used. The directory service/ looks similar to, but there is no indication that it was imported from there, or which commit was used.

I am also wondering why we have both jsocksAndroid/ and external/jsocks/.

We also have a LICENSE file containing the Apache License, but it is unclear to what it applies since this is neither the license of Orbot of jsocks.

Child Tickets

Change History (4)

comment:1 Changed 13 months ago by gk

Keywords: tbb-mobile added

comment:2 Changed 12 months ago by sisbell

Parent ID: #32069

comment:3 Changed 12 months ago by sisbell

In regards to jSocks, that will be removed #32075

comment:4 Changed 12 months ago by sisbell

I can tell from the history of changes that I took the commit from Dec 14th, 2018.


In regards to licensing, this is a much bigger issue than just tor-android-service. We should be including a licensing page in the Android version of Tor Browser, which means we will need to track the licenses of all dependencies, including gradle dependencies. There are some plugins which can help pull this in.

Orbot has its file here: (although this isn't complete from a binary dependency issue, just the main ones).

The Apache License would just cover the changes I made to Orbot, while those bits that are not changed are covered by a compatible BSD style liscense.(if we have a Tor license I can put that in instead).

Note: See TracTickets for help on using tickets.