From d15423810edc1ca5337b060ecc35425475b4e439 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 26 Aug 2010 11:12:12 -0400 Subject: note that the Thandy TODO has migrated to trac --- TODO | 80 ++------------------------------------------------------------------ 1 file changed, 2 insertions(+), 78 deletions(-) diff --git a/TODO b/TODO index 6fec3a3..71c0c7e 100644 --- a/TODO +++ b/TODO @@ -1,79 +1,3 @@ -o get messaging sorted -o try to write up a registry-based exe version checker., -o Decouple install from check: they are not necessarily related. - o Generate newer, better objects internally. - o Generate new, better formats for existing 'exe' items - o Generate command items properly. - -- Better version comparison. - -- should thandy auto-clean its cache? should there be a new 'thandy - clean' way to call it? should it be a command-line option, on by - default? the last one seems best. - after a successful install, i would think thandy could just - remove the installer. unless we want to keep it around for repairs - or something. even then, after a succesful install, it might as well - automatically remove all packages older than the one it just installed. - edmanm: you can repair without a copy of the package - laying around. no need to keep them. - -- Security stuff that we should do - 1 Check SSL certs or something in urllib2. Not that Thandy really cares - about repositories getting mitm'd. - 3 Notice exceptionally slow bandwidths; treat as failure-like. - 5 Make sure we actually verify that timestamps in files listed in ts - file match ts file's declared timestamps for them. Spec this. - 6 Never replace a file with one that has an older timestamp. Spec this. - 7D Fallback locations to find starting metafiles in, if we don't have - any cached yet. - -- Security stuff that we should do that needs format changes. - . Whenever we list a hash in a metafile, also list a file length. - o Implement parsing; use length, when present, as a maximum - believable value to make sure we don't download too much - o Include lengths in generated packages and bundles - . Specify use of length field. - o Once everybody has been wanted to update their clients, include - lengths in timestamp files. - - Make lengths mandatory - - Maybe make lengths enforced for purposes other than a maximum - during fetch. - - Maybe stop early if Content-Length is greater than the expected - length. - -- Think more about issues 4, 7(A,B,C) - -- Missing packaging features: - - Generate multi-item packages properly. - - Transition better for checking on a given item - - Implement remove - - Get RPM actually more tested - - Get install-from-compressed-file working. - - Transaction support where available. - - OSX backend - -. Download improvements. - o Back off on download failure. - o Handle full stalled file in download. - - Use if-modified-since on timestamp - -- Better configurability: let users override mirrors, keys, etc. -- Proper exponential back-off on download backend. - -- (low priority) some way to delete a package/bundle/etc from - the repository. i know that once we add stuff we shouldn't - remove it lightly, but if somebody accidentally adds a really - high version of something, we will fix it by scrapping the - repository and re-inserting everything from the ground up, and - that would suck too. - -- Wrapping - - More unit tests - -. Documentation - - More comments, more tests - . full pydoc - -- Testing - - Much bigger unit tests. +There is no longer a TODO file here; see + https://trac.torproject.org/projects/tor/wiki/projects/Thandy -- cgit v1.2.3