diff options
| author | Joey Hess <joeyh@joeyh.name> | 2017-04-29 15:37:07 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2017-04-29 15:37:07 -0400 |
| commit | cdf3a258d14a8992156616711baaebb90b5de4d6 (patch) | |
| tree | 152225050346cc09e4c05fed7b17404cc7377dbc | |
| parent | af251f41daac5593bae8986112c672e7efc08290 (diff) | |
| download | debug-me-cdf3a258d14a8992156616711baaebb90b5de4d6.tar.gz | |
propritize
| -rw-r--r-- | TODO | 35 |
1 files changed, 20 insertions, 15 deletions
@@ -1,9 +1,3 @@ -* GPG WoT is checked by querying pgp.cs.uu.nl, could use wotsap if it's - locally installed. However, the version of wotsap in debian only supports - short, insecure keyids, so is less secure than using the server. -* Once we have a WoT path, we could download each gpg key in the path and - verify the path. This would avoid trusting pgp.cs.uu.nl not to be evil. - Not done yet, partly because downloading a lot of gpg keys is expensive. * Multiple --downloads at the same time or close together fail with "thread blocked indefinitely in an STM transaction" Also see it occasionally with --debug. @@ -32,15 +26,6 @@ to. (Perhaps not needed now that developers see other developer's Activity Entered.. But, this does let developers know what the current accepted line is.) -* loadLog should verify the hashes (and signatures) in the log, and - refuse to use logs that are not valid proofs of a session. - (--replay and --graphvis need this; server's use of loadLog does not) - Everything else in debug-me checks a session's proof as it goes. - And, everything that saves a log file checks the proof as it goes, - so perhaps this is not actually necessary? -* Add a mode that, given a log file, displays what developer(s) gpg keys - signed activity in the log file. For use when a developer did something - wrong, to examine the proof of malfesence. * How to prevent abusing servers to store large quantities of data that are not legitimate debug-me logs, but are formatted like them? Perhaps add POW to the wire protocol? Capthca? @@ -73,4 +58,24 @@ * When the user presses control-s, before forwarding it to the terminal, stop accepting any developer input. Control-s again to resume. * Make control-backslash immediately end the debug-me session. +* Need to spin up a debug-me server and make debug-me use it by default, + not localhost. +* Add option or config file to control what server(s) to use. + +Low priority: +* Add a mode that, given a log file, displays what developer(s) gpg keys + signed activity in the log file. For use when a developer did something + wrong, to examine the proof of malfesence. +* loadLog should verify the hashes (and signatures) in the log, and + refuse to use logs that are not valid proofs of a session. + (--replay and --graphvis need this; server's use of loadLog does not) + Everything else in debug-me checks a session's proof as it goes. + And, everything that saves a log file checks the proof as it goes, + so perhaps this is not actually necessary? +* GPG WoT is checked by querying pgp.cs.uu.nl, could use wotsap if it's + locally installed. However, the version of wotsap in debian only supports + short, insecure keyids, so is less secure than using the server. +* Once we have a WoT path, we could download each gpg key in the path and + verify the path. This would avoid trusting pgp.cs.uu.nl not to be evil. + Not done yet, partly because downloading a lot of gpg keys is expensive. |