diff options
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -1,3 +1,9 @@ +* GPG WoT is checked by querying pgp.cs.uu.nl, could use wotsap if it's + locally installed. However, the version of wotsap in debian only supports + short, insecure keyids, so is less secure than using the server. +* Once we have a WoT path, we could download each gpg key in the path and + verify the path. This would avoid trusting pgp.cs.uu.nl not to be evil. + Not done yet, partly because downloading a lot of gpg keys is expensive. * Multiple --downloads at the same time or close together fail with "thread blocked indefinitely in an STM transaction" Also see it occasionally with --debug. |