[or-cvs] r17518: {updater} Add some issues to Thandy TODO; remove completed items (updater/trunk)
nickm at seul.org
nickm at seul.org
Mon Dec 8 01:39:28 UTC 2008
Author: nickm
Date: 2008-12-07 20:39:27 -0500 (Sun, 07 Dec 2008)
New Revision: 17518
Modified:
updater/trunk/TODO
Log:
Add some issues to Thandy TODO; remove completed items
Modified: updater/trunk/TODO
===================================================================
--- updater/trunk/TODO 2008-12-08 00:14:13 UTC (rev 17517)
+++ updater/trunk/TODO 2008-12-08 01:39:27 UTC (rev 17518)
@@ -5,6 +5,23 @@
o Generate new, better formats for existing 'exe' items
o Generate command items properly.
+- Better version comparison.
+
+- Security stuff that we should do
+ 1 Check SSL certs or something in urllib2. Not that Thandy really cares
+ about repositories getting mitm'd.
+ 3 Notice exceptionally slow bandwidths; treat as failure-like.
+ 5 Make sure we actually verify that timestamps in files listed in ts
+ file match ts file's declared timestamps for them. Spec this.
+ 6 Never replace a file with one that has an older timestamp. Spec this.
+ 7D Fallback locations to find starting metafiles in, if we don't have
+ any cached yet.
+
+- Security stuff that we should do that needs format changes.
+ 2 Whenever we list a hash in a metafile, also list a file length.
+
+- Think more about issues 4, 7(A,B,C)
+
- Missing packaging features:
- Generate multi-item packages properly.
- Transition better for checking on a given item
@@ -19,24 +36,6 @@
o Handle full stalled file in download.
- Use if-modified-since on timestamp
-o Write client-side code
- o Decide early if a python implementation will do for v1.
- o Adjust httplib, urllib2 to use socks4a.
- o Check SOCKS package for suitability as basis for socks4a support?
- o Look into best packaging practices
-
- o Write code to run, telling another process about status,
- eventually coming up with a list of packages to install or an
- "A-OK" signal.
-
- D GUI
-
- o DL-via-Tor
- o Install-when-done
- o Verbose output
- o quiet output.
- X Rendezvous-back with Tor when done.
-
- Better configurability: let users override mirrors, keys, etc.
- Proper exponential back-off on download backend.
@@ -45,65 +44,8 @@
. Documentation
- More comments, more tests
- o Document EXE and RPM formats in HOWTO.
. full pydoc
- . revise spec
- Testing
- Much bigger unit tests.
-o Bugs Roger keeps noticing
- o you can add the same role to a key twice.
- o wishlist item: thandy-pk dumpkey-all
- o Already there: Run "thandy-pk dumpkey" with no arguments
-
-- Confusing tracebacks that could use a check and error message:
-
-If you type the wrong password,
-Traceback (most recent call last):
- File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/SignerCLI.p
-y", line 313, in ?
- main()
- File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/SignerCLI.p
-y", line 308, in main
- globals()[cmd](args)
- File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/SignerCLI.p
-y", line 202, in keygen
- k.load()
- File "/home/thandy/updater-live//lib/python2.4/site-packages/thandy/keys.py",
-line 385, in load
- contents = decryptSecret(contents, password)
- File "/home/thandy/updater-live//lib/python2.4/site-packages/thandy/keys.py",
-line 343, in decryptSecret
- raise thandy.BadPassword()
-thandy.BadPassword
-
- [ I maintain that BadPassword _is_ an error message. I'll make it say
- "Password Incorrect", though, so it looks less like a bug.]
-
-
-when your ~/.thandy/timestamp_key didn't get the secret key dumped too,
-thandy at moria:~$ thandy-server timestamp
-Traceback (most recent call last):
- File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/ServerCLI.p
-y", line 191, in ?
- main()
- File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/ServerCLI.p
-y", line 186, in main
- globals()[cmd](args)
- File "/home/thandy/updater-live/lib/python2.4/site-packages/thandy/ServerCLI.p
-y", line 166, in timestamp
- keylist = thandy.formats.makeKeylistObj(ts_keyfile, True)
- File "/home/thandy/updater-live//lib/python2.4/site-packages/thandy/formats.py
-", line 752, in makeKeylistObj
- klist.append({'key': k.format(private=includePrivate), 'roles' : k.getRoles(
-) })
- File "/home/thandy/updater-live//lib/python2.4/site-packages/thandy/keys.py",
-line 189, in format
- result['d'] = intToBase64(self.key.d)
- File "/usr/lib/python2.4/site-packages/Crypto/PublicKey/RSA.py", line 154, in
-__getattr__
- return getattr(self.key, attr)
-AttributeError: rsaKey instance has no attribute 'd'
-
- [ Gives a more descriptive error now. ]
More information about the tor-commits
mailing list