diff options
| author | Nick Mathewson <nickm@torproject.org> | 2010-08-26 11:12:12 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2010-08-26 11:12:12 -0400 |
| commit | d15423810edc1ca5337b060ecc35425475b4e439 (patch) | |
| tree | 36f67c3f3d90ba604adb08441fd36c5209e9016d | |
| parent | bbb6cb5fe6a61aa0975dcd9df11f9f648f6abba2 (diff) | |
note that the Thandy TODO has migrated to trac
| -rw-r--r-- | TODO | 80 |
1 files changed, 2 insertions, 78 deletions
@@ -1,79 +1,3 @@ -o get messaging sorted -o try to write up a registry-based exe version checker., -o Decouple install from check: they are not necessarily related. - o Generate newer, better objects internally. - o Generate new, better formats for existing 'exe' items - o Generate command items properly. - -- Better version comparison. - -- <arma> should thandy auto-clean its cache? should there be a new 'thandy - clean' way to call it? should it be a command-line option, on by - default? the last one seems best. - <edmanm> after a successful install, i would think thandy could just - remove the installer. unless we want to keep it around for repairs - or something. even then, after a succesful install, it might as well - automatically remove all packages older than the one it just installed. - <coderman> edmanm: you can repair without a copy of the package - laying around. no need to keep them. - -- Security stuff that we should do - 1 Check SSL certs or something in urllib2. Not that Thandy really cares - about repositories getting mitm'd. - 3 Notice exceptionally slow bandwidths; treat as failure-like. - 5 Make sure we actually verify that timestamps in files listed in ts - file match ts file's declared timestamps for them. Spec this. - 6 Never replace a file with one that has an older timestamp. Spec this. - 7D Fallback locations to find starting metafiles in, if we don't have - any cached yet. - -- Security stuff that we should do that needs format changes. - . Whenever we list a hash in a metafile, also list a file length. - o Implement parsing; use length, when present, as a maximum - believable value to make sure we don't download too much - o Include lengths in generated packages and bundles - . Specify use of length field. - o Once everybody has been wanted to update their clients, include - lengths in timestamp files. - - Make lengths mandatory - - Maybe make lengths enforced for purposes other than a maximum - during fetch. - - Maybe stop early if Content-Length is greater than the expected - length. - -- Think more about issues 4, 7(A,B,C) - -- Missing packaging features: - - Generate multi-item packages properly. - - Transition better for checking on a given item - - Implement remove - - Get RPM actually more tested - - Get install-from-compressed-file working. - - Transaction support where available. - - OSX backend - -. Download improvements. - o Back off on download failure. - o Handle full stalled file in download. - - Use if-modified-since on timestamp - -- Better configurability: let users override mirrors, keys, etc. -- Proper exponential back-off on download backend. - -- (low priority) some way to delete a package/bundle/etc from - the repository. i know that once we add stuff we shouldn't - remove it lightly, but if somebody accidentally adds a really - high version of something, we will fix it by scrapping the - repository and re-inserting everything from the ground up, and - that would suck too. - -- Wrapping - - More unit tests - -. Documentation - - More comments, more tests - . full pydoc - -- Testing - - Much bigger unit tests. +There is no longer a TODO file here; see + https://trac.torproject.org/projects/tor/wiki/projects/Thandy |