Implement lengths in thandy objects, mostly:

Accept them, and when they're present, don't fetch more bytes than
specified, since that would be dangerous.  Include lengths in every
generated object type except for the timestamp, since that would break
exising code.

git-svn-id: file:///home/or/svnrepo/updater/trunk@17629 55e972cd-5a19-0410-ae62-a4d7a52db4cd

1 files changed, 12 insertions, 1 deletions

diff --git a/TODO b/TODO
index ce1f126..10e8627 100644
--- a/TODO
+++ b/TODO
@@ -28,7 +28,18 @@ o Decouple install from check: they are not necessarily related.
     any cached yet.
 
 - Security stuff that we should do that needs format changes.
-  2 Whenever we list a hash in a metafile, also list a file length.
+  . Whenever we list a hash in a metafile, also list a file length.
+    o Implement parsing; use length, when present, as a maximum
+      believable value to make sure we don't download too much
+    o Include lengths in generated packages and bundles
+    . Specify use of length field.
+    - Once everybody has been wanted to update their clients, include
+      lengths in timestamp files.
+    - Make lengths mandatory
+    - Maybe make lengths enforced for purposes other than a maximum
+      during fetch.
+    - Maybe stop early if Content-Length is greater than the expected
+      length.
 
 - Think more about issues 4, 7(A,B,C)