[or-cvs] r17518: {updater} Add some issues to Thandy TODO; remove completed items (updater/trunk)

nickm at seul.org nickm at seul.org
Mon Dec 8 01:39:28 UTC 2008


Author: nickm
Date: 2008-12-07 20:39:27 -0500 (Sun, 07 Dec 2008)
New Revision: 17518

Modified:
   updater/trunk/TODO
Log:
Add some issues to Thandy TODO; remove completed items

Modified: updater/trunk/TODO
===================================================================
--- updater/trunk/TODO	2008-12-08 00:14:13 UTC (rev 17517)
+++ updater/trunk/TODO	2008-12-08 01:39:27 UTC (rev 17518)
@@ -5,6 +5,23 @@
   o Generate new, better formats for existing 'exe' items
   o Generate command items properly.
 
+- Better version comparison.
+
+- Security stuff that we should do
+  1 Check SSL certs or something in urllib2.  Not that Thandy really cares
+    about repositories getting mitm'd.
+  3 Notice exceptionally slow bandwidths; treat as failure-like.
+  5 Make sure we actually verify that timestamps in files listed in ts
+    file match ts file's declared timestamps for them.  Spec this.
+  6 Never replace a file with one that has an older timestamp.  Spec this.
+  7D Fallback locations to find starting metafiles in, if we don't have
+    any cached yet.
+
+- Security stuff that we should do that needs format changes.
+  2 Whenever we list a hash in a metafile, also list a file length.
+
+- Think more about issues 4, 7(A,B,C)
+
 - Missing packaging features:
   - Generate multi-item packages properly.
   - Transition better for checking on a given item
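Review bot: The numbers on the new security items (1, 3, 5, 6, 7D, then 2, and "issues 4, 7(A,B,C)") refer to a list that this file never names, so a reader of TODO cannot tell what issues 4 or 7A-C are. Add one line under "Security stuff that we should do" saying where the numbered list lives, or describe 4 and 7(A,B,C) in a few words each. Item 1 would be easier to act on if "or something" were replaced by the check actually intended. Item 6 should say whether a file with an equal timestamp may replace the existing one, since both it and item 5 are marked "Spec this".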
@@ -19,24 +36,6 @@
   o Handle full stalled file in download.
   - Use if-modified-since on timestamp
 
-o Write client-side code
-  o Decide early if a python implementation will do for v1.
-     o Adjust httplib, urllib2 to use socks4a.
-       o Check SOCKS package for suitability as basis for socks4a support?
-     o Look into best packaging practices
-
-  o Write code to run, telling another process about status,
-    eventually coming up with a list of packages to install or an
-    "A-OK" signal.
-
-  D GUI
-
-  o DL-via-Tor
-  o Install-when-done
-  o Verbose output
-  o quiet output.
-  X Rendezvous-back with Tor when done.
-
 - Better configurability: let users override mirrors, keys, etc.
 - Proper exponential back-off on download backend.
 
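Review bot: Two of the removed lines in the "Write client-side code" block, "D GUI" and "X Rendezvous-back with Tor when done.", carry markers other than the "o" used on the rest of the block, while the log message says only completed items are removed. If D and X mean something other than done, keep those two lines, or move them under a short list of deferred or dropped items, so the decision stays recorded in TODO.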
@@ -45,65 +44,8 @@
 
 . Documentation
   - More comments, more tests
-  o Document EXE and RPM formats in HOWTO.
   . full pydoc
-  . revise spec
 
 - Testing
   - Much bigger unit tests.
 
-o Bugs Roger keeps noticing
-  o you can add the same role to a key twice.
-  o wishlist item: thandy-pk dumpkey-all
-    o Already there: Run "thandy-pk dumpkey" with no arguments
-
-- Confusing tracebacks that could use a check and error message:
-
-If you type the wrong password,
-Traceback (most recent call last):
-  File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/SignerCLI.p
-y", line 313, in ?
-    main()
-  File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/SignerCLI.p
-y", line 308, in main
-    globals()[cmd](args)
-  File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/SignerCLI.p
-y", line 202, in keygen
-    k.load()
-  File "/home/thandy/updater-live//lib/python2.4/site-packages/thandy/keys.py", 
-line 385, in load
-    contents = decryptSecret(contents, password)
-  File "/home/thandy/updater-live//lib/python2.4/site-packages/thandy/keys.py", 
-line 343, in decryptSecret
-    raise thandy.BadPassword()
-thandy.BadPassword
-
-   [ I maintain that BadPassword _is_ an error message.  I'll make it say
-     "Password Incorrect", though, so it looks less like a bug.]
-
-
-when your ~/.thandy/timestamp_key didn't get the secret key dumped too,
-thandy at moria:~$ thandy-server timestamp
-Traceback (most recent call last):
-  File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/ServerCLI.p
-y", line 191, in ?
-    main()
-  File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/ServerCLI.p
-y", line 186, in main
-    globals()[cmd](args)
-  File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/ServerCLI.p
-y", line 166, in timestamp
-    keylist = thandy.formats.makeKeylistObj(ts_keyfile, True)
-  File "/home/thandy/updater-live//lib/python2.4/site-packages/thandy/formats.py
-", line 752, in makeKeylistObj
-    klist.append({'key': k.format(private=includePrivate), 'roles' : k.getRoles(
-) })
-  File "/home/thandy/updater-live//lib/python2.4/site-packages/thandy/keys.py", 
-line 189, in format
-    result['d'] = intToBase64(self.key.d)
-  File "/usr/lib/python2.4/site-packages/Crypto/PublicKey/RSA.py", line 154, in 
-__getattr__
-    return getattr(self.key, attr)
-AttributeError: rsaKey instance has no attribute 'd'
-
-  [ Gives a more descriptive error now. ]
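Review bot: ". revise spec" is removed under Documentation with a "." marker rather than "o", yet the first hunk of this same commit adds "Spec this." to items 5 and 6, so spec revision still looks open. Keep the line, or note that it is now covered by those items. In the removed tracebacks section, the note on BadPassword reads "I'll make it say "Password Incorrect"", which is future tense, unlike "Gives a more descriptive error now." on the second traceback. Confirm that the first message change has landed before dropping the entry.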


