Opened 7 months ago

Last modified 7 months ago

#33773 new defect

Add Tor Browser-specific licenses in about:license

Reported by: sysrqb Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: TorBrowserTeam202006
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

This idea came out of #33771 and #33772. GeKo mentioned that we don't need to ship a specific license for NSS because it is covered by about:license, and we could use about:license for the additional licenses we must ship, as well. Currently those Tor Browser-specific licenses are controlled by tor-browser-build and they are included as text files at build-time. Extending about:license is a good idea.

The main disadvantage I see is downstream projects who take a tor browser package and re-use all of the tor parts but they don't use the browser. We could achieve this by continuing with adding licenses in text files and then patching them into tor-browser's toolkit/content/license.html at build time. I'm not very excited about the additional complexity this would require, though.

Child Tickets

Change History (3)

comment:1 Changed 7 months ago by rbonifaz

Hi,

We are creating a VoIP system called Wahay (https://wwww.wahay.org). It combines a local Mumble server that is publish via Tor Onion services. Any user can host a server and other people can join the server with the Onion address.

At the moment it works in Linux and we have different ways to installed it. One of those ways is a Bundle that ships both Mumble and Tor binaries. For the Tor case we decided to extract the Tor directory inside the Tor Browser Bundle distribution. That directory includes Tor and some libraries to make Tor portable. It works pretty well in all linux distributions with tested so far.


In the directory "tor-browser_en-US/Browser/TorBrowser/Tor" there are the following files:

  • libcrypto.so.1.1
  • libevent-2.1.so.6
  • libssl.so.1.1
  • tor

And the following directories:

  • libstdc++
  • PluggableTransports

In the "tor-browser_en-US/Browser/TorBrowser/Docs/Licenses" directory there are the following files:

  • Firefox.txt
  • HTTPS-Everywhere.txt
  • NoScript.txt
  • Noto-CJK-Font.txt
  • Noto-Fonts.txt
  • Torbutton.txt
  • Tor-Launcher.txt
  • Tor.txt

And the directory

  • PluggableTransports

From this, my understanding is that the licenses for the binaries and libraries are:

Last edited 7 months ago by rbonifaz (previous) (diff)

comment:2 in reply to:  1 Changed 7 months ago by boklm

Replying to rbonifaz:

From this, my understanding is that the licenses for the binaries and libraries are:

  • libcrypto.so.1.1 -> not sure

libcrypto comes from OpenSSL.

  • libevent-2.1.so.6 -> not sure

With #33771 we add the license in Libevent.txt.

  • libssl.so.1.1 -> There is a mention of Openssl in Tor.txt. Is that enough?

OpenSSL license is included in PluggableTransports/LICENSE (although it is used by Tor even when not using pluggable transports).

Note: See TracTickets for help on using tickets.