Open Sourcing our SDKs

Last week, we decided to open source our client SDKs in an effort to provide better transparency into our technology and offer our customers the smoothest integration possible. You can find the iOS SDK and Android SDK on our public GitHub. If you’re curious, our developer documentation can be found here.

Reasons for Open Sourcing

One reason we decided to open source our SDKs is to allow for a more seamless integration experience. Many of our partners have questions about why their app is behaving a certain way, often pointing to certain method calls in our SDK. By open sourcing the SDK, we’re allowing anyone to build our SDK themselves and debug our SDK code from within their own apps.

Another reason we open sourced our SDKs is to offer greater transparency to our customers. We would like partners to have the ability to look over our source code, point out any potential problems, or even contribute to a feature they might want developed.

Steps We Took to Open Source

  1. We looked at existing OSS licenses, but after talking to our legal department we decided we needed something more custom. Our custom license is now posted on our GitHub page (more about open source licenses here).
  2. We looked through our repositories for sensitive information. There were some instances of sensitive information being stored in the repo, so we disabled those keys and secrets.
  3. To be extra safe, we decided to rewrite our git history to remove all instances of sensitive information. We used an open source tool called BFG Repo-Cleaner, which is a simpler, faster alternative to git-filter-branch. Note: BFG Repo-Cleaner only removes files from history, so if a file is still checked in, you must remove it first before using BFG Repo-Cleaner. Here is an example of the commands we ran:

      git clone --mirror git@github.com:sharethrough/repo-to-open-source.git
      bfg --delete-files 'id_{dsa,rsa}' repo-to-open-source.git
      cd repo-to-open-source.git
      git reflog expire --expire=now --all && git gc --prune=now --aggressive
      git push
    
  4. Finally, we updated our CI systems. Since we use Travis CI, our now-public repos are being built on travis-ci.org. We enabled new build projects and verified our artifacts were being built properly.