o get messaging sorted
o try to write up a registry-based exe version checker.
o Decouple install from check: they are not necessarily related.
o Generate newer, better objects internally.
o Generate new, better formats for existing 'exe' items
o Generate command items properly.
- Better version comparison.

- should thandy auto-clean its cache? should there be a new 'thandy clean'
  way to call it? should it be a command-line option, on by default? the
  last one seems best. after a successful install, i would think thandy
  could just remove the installer. unless we want to keep it around for
  repairs or something. even then, after a successful install, it might as
  well automatically remove all packages older than the one it just
  installed.
    edmanm: you can repair without a copy of the package laying around.
    no need to keep them.

- Security stuff that we should do
  1 Check SSL certs or something in urllib2. Not that Thandy really cares
    about repositories getting mitm'd.
  3 Notice exceptionally slow bandwidths; treat as failure-like.
  5 Make sure we actually verify that timestamps in files listed in ts
    file match ts file's declared timestamps for them. Spec this.
  6 Never replace a file with one that has an older timestamp. Spec this.
  7D Fallback locations to find starting metafiles in, if we don't have
    any cached yet.

- Security stuff that we should do that needs format changes.
  . Whenever we list a hash in a metafile, also list a file length.
    o Implement parsing; use length, when present, as a maximum believable
      value to make sure we don't download too much
    o Include lengths in generated packages and bundles
    . Specify use of length field.
    o Once everybody has been warned to update their clients, include
      lengths in timestamp files.
    - Make lengths mandatory
    - Maybe make lengths enforced for purposes other than a maximum during
      fetch.
    - Maybe stop early if Content-Length is greater than the expected
      length.
  - Think more about issues 4, 7(A,B,C)

- Missing packaging features:
  - Generate multi-item packages properly.
  - Transition better for checking on a given item
  - Implement remove
  - Get RPM actually more tested
  - Get install-from-compressed-file working.
  - Transaction support where available.
  - OSX backend

. Download improvements.
  o Back off on download failure.
  o Handle full stalled file in download.
  - Use if-modified-since on timestamp

- Better configurability: let users override mirrors, keys, etc.

- Proper exponential back-off on download backend.

- (low priority) some way to delete a package/bundle/etc from the
  repository. i know that once we add stuff we shouldn't remove it lightly,
  but if somebody accidentally adds a really high version of something, we
  will fix it by scrapping the repository and re-inserting everything from
  the ground up, and that would suck too.

- Wrapping
  - More unit tests

. Documentation
  - More comments, more tests
  . full pydoc

- Testing
  - Much bigger unit tests.
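
A sketch of the length items in the format-changes list above (length as a maximum believable value during fetch, and stopping early on an oversized Content-Length). This is an added example, not Thandy's own code. The names fetch_bounded, FetchError and ENTRY are hypothetical, SHA-256 as the metafile hash is an assumption, and the download is modelled as any file-like object so the block runs offline.

```python
import hashlib
import io


class FetchError(Exception):
    """The download must be treated as a failure."""


def fetch_bounded(stream, expected_sha256, max_length=None,
                  content_length=None, chunk_size=4096):
    """Return the body only if it fits max_length and matches the hash.

    max_length is the length listed beside the hash (None for an older
    metafile without one); content_length is what the server declared.
    """
    if (max_length is not None and content_length is not None
            and content_length > max_length):
        # Stop early: the server already announces more than we will accept.
        raise FetchError("declared Content-Length exceeds expected length")
    digest = hashlib.sha256()
    chunks, received = [], 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        received += len(chunk)
        if max_length is not None and received > max_length:
            # Abort instead of buffering an endless body before hashing it.
            raise FetchError("body exceeds expected length")
        digest.update(chunk)
        chunks.append(chunk)
    if digest.hexdigest() != expected_sha256:
        raise FetchError("hash mismatch")
    return b"".join(chunks)


# Constructed sample input: a fake package body and its metafile entry.
PACKAGE = b"constructed package body " * 100
ENTRY = {"sha256": hashlib.sha256(PACKAGE).hexdigest(), "length": len(PACKAGE)}


def demo():
    good = fetch_bounded(io.BytesIO(PACKAGE), ENTRY["sha256"], ENTRY["length"])
    try:
        # Same body padded with 1 MB of junk by a hostile mirror.
        fetch_bounded(io.BytesIO(PACKAGE + b"x" * 10**6),
                      ENTRY["sha256"], ENTRY["length"])
    except FetchError as exc:
        return good == PACKAGE, str(exc)
    return good == PACKAGE, None
```

With max_length=None the function falls back to hash-only checking, which is the behaviour clients get until lengths become mandatory.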