diff options
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 22 |
1 files changed, 0 insertions, 22 deletions
@@ -46,25 +46,3 @@ * Make debug-me --bundle create a self-contained executable bundle that can be ran anywhere. Update faq to suggest developers include that with their software. - -Low priority: - -* Color the control window background to distinguish it from the shell - window. Could even use a curses toolkit to draw the control window, and - make it have buttons, etc. Make the control window easy to use, and all - features discoverable.. -* Add a mode that, given a log file, displays what developer(s) gpg keys - signed activity in the log file. For use when a developer did something - wrong, to examine the proof of malfesence. -* loadLog should verify the hashes (and signatures) in the log, and - refuse to use logs that are not valid proofs of a session. - (--replay and --graphvis need this; server's use of loadLog does not) - Everything else in debug-me checks a session's proof as it goes. - And, everything that saves a log file checks the proof as it goes, - so perhaps this is not actually necessary? -* GPG WoT is checked by querying pgp.cs.uu.nl, could use wotsap if it's - locally installed. However, the version of wotsap in debian only supports - short, insecure keyids, so is less secure than using the server. -* Once we have a WoT path, we could download each gpg key in the path and - verify the path. This would avoid trusting pgp.cs.uu.nl not to be evil. - Not done yet, partly because downloading a lot of gpg keys is expensive. |