From ec54f74b76b766474b375378aa5a7b752b8cf26c Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 8 Dec 2008 01:39:27 +0000 Subject: Add some issues to Thandy TODO; remove completed items git-svn-id: file:///home/or/svnrepo/updater/trunk@17518 55e972cd-5a19-0410-ae62-a4d7a52db4cd --- TODO | 92 +++++++++++++------------------------------------------------------- 1 file changed, 17 insertions(+), 75 deletions(-) (limited to 'TODO') diff --git a/TODO b/TODO index 0f99e94..8b60a15 100644 --- a/TODO +++ b/TODO @@ -5,6 +5,23 @@ o Decouple install from check: they are not necessarily related. o Generate new, better formats for existing 'exe' items o Generate command items properly. +- Better version comparison. + +- Security stuff that we should do + 1 Check SSL certs or something in urllib2. Not that Thandy really cares + about repositories getting mitm'd. + 3 Notice exceptionally slow bandwidths; treat as failure-like. + 5 Make sure we actually verify that timestamps in files listed in ts + file match ts file's declared timestamps for them. Spec this. + 6 Never replace a file with one that has an older timestamp. Spec this. + 7D Fallback locations to find starting metafiles in, if we don't have + any cached yet. + +- Security stuff that we should do that needs format changes. + 2 Whenever we list a hash in a metafile, also list a file length. + +- Think more about issues 4, 7(A,B,C) + - Missing packaging features: - Generate multi-item packages properly. - Transition better for checking on a given item 
@@ -19,24 +36,6 @@ o Decouple install from check: they are not necessarily related. o Handle full stalled file in download. - Use if-modified-since on timestamp -o Write client-side code - o Decide early if a python implementation will do for v1. - o Adjust httplib, urllib2 to use socks4a. - o Check SOCKS package for suitability as basis for socks4a support? - o Look into best packaging practices - - o Write code to run, telling another process about status, - eventually coming up with a list of packages to install or an - "A-OK" signal. - - D GUI - - o DL-via-Tor - o Install-when-done - o Verbose output - o quiet output. - X Rendezvous-back with Tor when done. - - Better configurability: let users override mirrors, keys, etc. - Proper exponential back-off on download backend. 
@@ -45,65 +44,8 @@ o Write client-side code . Documentation - More comments, more tests - o Document EXE and RPM formats in HOWTO. . full pydoc - . revise spec - Testing - Much bigger unit tests. -o Bugs Roger keeps noticing - o you can add the same role to a key twice. - o wishlist item: thandy-pk dumpkey-all - o Already there: Run "thandy-pk dumpkey" with no arguments - -- Confusing tracebacks that could use a check and error message: - -If you type the wrong password, -Traceback (most recent call last): - File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/SignerCLI.p -y", line 313, in ? - main() - File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/SignerCLI.p -y", line 308, in main - globals()[cmd](args) - File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/SignerCLI.p -y", line 202, in keygen - k.load() - File "/home/thandy/updater-live//lib/python2.4/site-packages/thandy/keys.py", -line 385, in load - contents = decryptSecret(contents, password) - File "/home/thandy/updater-live//lib/python2.4/site-packages/thandy/keys.py", -line 343, in decryptSecret - raise thandy.BadPassword() -thandy.BadPassword - - [ I maintain that BadPassword _is_ an error message. I'll make it say - "Password Incorrect", though, so it looks less like a bug.] - - -when your ~/.thandy/timestamp_key didn't get the secret key dumped too, -thandy@moria:~$ thandy-server timestamp -Traceback (most recent call last): - File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/ServerCLI.p -y", line 191, in ? 
- main() - File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/ServerCLI.p -y", line 186, in main - globals()[cmd](args) - File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/ServerCLI.p -y", line 166, in timestamp - keylist = thandy.formats.makeKeylistObj(ts_keyfile, True) - File "/home/thandy/updater-live//lib/python2.4/site-packages/thandy/formats.py -", line 752, in makeKeylistObj - klist.append({'key': k.format(private=includePrivate), 'roles' : k.getRoles( -) }) - File "/home/thandy/updater-live//lib/python2.4/site-packages/thandy/keys.py", -line 189, in format - result['d'] = intToBase64(self.key.d) - File "/usr/lib/python2.4/site-packages/Crypto/PublicKey/RSA.py", line 154, in -__getattr__ - return getattr(self.key, attr) -AttributeError: rsaKey instance has no attribute 'd' - - [ Gives a more descriptive error now. ] -- cgit v1.2.3
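Review bot: In the hunk at @@ -5,6 +5,23 @@, the new security items are numbered 1, 3, 5, 6, 7D and 2, and the last added line refers to "issues 4, 7(A,B,C)", but nothing in the visible TODO says which list those numbers come from, so issues 4 and 7A-C cannot be identified from this file alone. Add a one-line pointer to the source of the numbering, or spell out the deferred issues in place. Item 1 would also benefit from a concrete completion criterion: "Check SSL certs or something in urllib2" does not say which check would count as done.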
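Review bot: In the hunk at @@ -19,24 +36,6 @@, the deleted "Write client-side code" block includes "D GUI" and "X Rendezvous-back with Tor when done.", which carry markers other than the "o" on the other removed lines, while the subject line says "remove completed items". If those two entries were deferred or dropped rather than finished, say so in the commit message or keep them under an explicit heading so the decision stays recorded in TODO.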
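Review bot: In the hunk at @@ -45,65 +44,8 @@, ". revise spec" is deleted from the Documentation section although it is marked "." rather than "o", and the first hunk of this same patch adds two security items that end in "Spec this." Keep the spec entry, or move those two items under it, so the outstanding spec work is tracked in one place. The removed "Confusing tracebacks" heading is likewise still marked "-", but the bracketed replies under both tracebacks show each case was addressed, so dropping that section matches the commit subject.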