diff options
-rw-r--r-- | TODO | 5 | ||||
-rw-r--r-- | debug-me.1 | 4 |
2 files changed, 6 insertions, 3 deletions
@@ -32,10 +32,13 @@ * loadLog should verify the hashes (and signatures) in the log, and refuse to use logs that are not valid proofs of a session. (--replay and --graphvis need this; server's use of loadLog does not) + Everything else in debug-me checks a session's proof as it goes. + And, everything that saves a log file checks the proof as it goes, + so perhaps this is not actually necessary? * gpg key downloading, web of trust checking, prompting Alternatively, let debug-me be started with a gpg key, this way a project's website can instruct their users to "run debug-me --trust-gpg-key=whatever" * How to prevent abusing servers to store large quantities of data that are not legitimate debug-me logs, but are formatted like them? - Perhaps add POW to the wire protocol? + Perhaps add POW to the wire protocol? Capthca? @@ -27,13 +27,13 @@ pass the command and any options after "--". .IP "--debug url" Connect to a debug-me session on the specified url. The developer runs debug-me with this option to see and interact with the user's bug. -.IP "--replay logfile" -Replay a debug-me logfile. .IP "--download url" Download a debug-me log file from the specified url. Note that if the debug-me session is still in progress, this will continue downloading until the session ends. The proof chain in the log file is verified as it is downloaded, but developer gpg signatures are not verified. +.IP "--replay logfile" +Replay a debug-me log file with realistic pauses. .IP "--watch url" Connect to a debug-me session on the specified url and display what happens in the session. Your keystrokes will not be sent to the session. |