fully working signatures

This commit was sponsored by Ethan Aubin.
author: Joey Hess <joeyh@joeyh.name> 2017-04-19 20:07:47 -0400
committer: Joey Hess <joeyh@joeyh.name> 2017-04-19 20:07:47 -0400
commit: f7999cecc2bb0c76d88005444478e8500c624786 (patch)
tree: 9deccd684e1333dca028d980489892ac4189582b /TODO
parent: 6f7cf857b408401abdc4477c888495b4f13162c7 (diff)
download: debug-me-f7999cecc2bb0c76d88005444478e8500c624786.tar.gz
1 files changed, 3 insertions, 4 deletions
diff --git a/TODO b/TODO
index 89f8cd9..f9f51b7 100644
--- a/TODO
+++ b/TODO
@@ -6,13 +6,12 @@
   matter.)
 * loadLog should verify the hashes (and signatures) in the log, and
   refuse to use logs that are not valid proofs of a session.
-* Encryption!
-* Add random nonce to start message, to avoid replay issues.
-  (Or perhaps the encryption derives a RSA key in a way that avoids
-  replay..)
 * Network!
 * Server!
 * gpg key downloading, web of trust checking, prompting
   Alternatively, let debug-me be started with a gpg key,
   this way a project's website can instruct their users to
   "run debug-me --trust-gpg-key=whatever"
+* Multiple developers should be able to connect to a single debug-me
+  user. Most of the code was written with that in mind, but not tested
+  yet..
author	Joey Hess <joeyh@joeyh.name>	2017-04-19 20:07:47 -0400
committer	Joey Hess <joeyh@joeyh.name>	2017-04-19 20:07:47 -0400
commit	f7999cecc2bb0c76d88005444478e8500c624786 (patch)
tree	9deccd684e1333dca028d980489892ac4189582b /TODO
parent	6f7cf857b408401abdc4477c888495b4f13162c7 (diff)
download	debug-me-f7999cecc2bb0c76d88005444478e8500c624786.tar.gz