1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
o get messaging sorted
o try to write up a registry-based exe version checker.,
o Decouple install from check: they are not necessarily related.
o Generate newer, better objects internally.
o Generate new, better formats for existing 'exe' items
o Generate command items properly.
- Better version comparison.
- <arma> should thandy auto-clean its cache? should there be a new 'thandy
clean' way to call it? should it be a command-line option, on by
default? the last one seems best.
<edmanm> after a successful install, i would think thandy could just
remove the installer. unless we want to keep it around for repairs
or something. even then, after a succesful install, it might as well
automatically remove all packages older than the one it just installed.
<coderman> edmanm: you can repair without a copy of the package
laying around. no need to keep them.
- Security stuff that we should do
1 Check SSL certs or something in urllib2. Not that Thandy really cares
about repositories getting mitm'd.
3 Notice exceptionally slow bandwidths; treat as failure-like.
5 Make sure we actually verify that timestamps in files listed in ts
file match ts file's declared timestamps for them. Spec this.
6 Never replace a file with one that has an older timestamp. Spec this.
7D Fallback locations to find starting metafiles in, if we don't have
any cached yet.
- Security stuff that we should do that needs format changes.
. Whenever we list a hash in a metafile, also list a file length.
o Implement parsing; use length, when present, as a maximum
believable value to make sure we don't download too much
o Include lengths in generated packages and bundles
. Specify use of length field.
o Once everybody has been wanted to update their clients, include
lengths in timestamp files.
- Make lengths mandatory
- Maybe make lengths enforced for purposes other than a maximum
during fetch.
- Maybe stop early if Content-Length is greater than the expected
length.
- Think more about issues 4, 7(A,B,C)
- Missing packaging features:
- Generate multi-item packages properly.
- Transition better for checking on a given item
- Implement remove
- Get RPM actually more tested
- Get install-from-compressed-file working.
- Transaction support where available.
- OSX backend
. Download improvements.
o Back off on download failure.
o Handle full stalled file in download.
- Use if-modified-since on timestamp
- Better configurability: let users override mirrors, keys, etc.
- Proper exponential back-off on download backend.
- (low priority) some way to delete a package/bundle/etc from
the repository. i know that once we add stuff we shouldn't
remove it lightly, but if somebody accidentally adds a really
high version of something, we will fix it by scrapping the
repository and re-inserting everything from the ground up, and
that would suck too.
- Wrapping
- More unit tests
. Documentation
- More comments, more tests
. full pydoc
- Testing
- Much bigger unit tests.
|
