From cdf3a258d14a8992156616711baaebb90b5de4d6 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 29 Apr 2017 15:37:07 -0400 Subject: propritize --- TODO | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/TODO b/TODO index 050ff21..f31d45d 100644 --- a/TODO +++ b/TODO @@ -1,9 +1,3 @@ -* GPG WoT is checked by querying pgp.cs.uu.nl, could use wotsap if it's - locally installed. However, the version of wotsap in debian only supports - short, insecure keyids, so is less secure than using the server. -* Once we have a WoT path, we could download each gpg key in the path and - verify the path. This would avoid trusting pgp.cs.uu.nl not to be evil. - Not done yet, partly because downloading a lot of gpg keys is expensive. * Multiple --downloads at the same time or close together fail with "thread blocked indefinitely in an STM transaction" Also see it occasionally with --debug. @@ -32,15 +26,6 @@ to. (Perhaps not needed now that developers see other developer's Activity Entered.. But, this does let developers know what the current accepted line is.) -* loadLog should verify the hashes (and signatures) in the log, and - refuse to use logs that are not valid proofs of a session. - (--replay and --graphvis need this; server's use of loadLog does not) - Everything else in debug-me checks a session's proof as it goes. - And, everything that saves a log file checks the proof as it goes, - so perhaps this is not actually necessary? -* Add a mode that, given a log file, displays what developer(s) gpg keys - signed activity in the log file. For use when a developer did something - wrong, to examine the proof of malfesence. * How to prevent abusing servers to store large quantities of data that are not legitimate debug-me logs, but are formatted like them? Perhaps add POW to the wire protocol? Capthca? 
@@ -73,4 +58,24 @@ * When the user presses control-s, before forwarding it to the terminal, stop accepting any developer input. Control-s again to resume. * Make control-backslash immediately end the debug-me session. +* Need to spin up a debug-me server and make debug-me use it by default, + not localhost. +* Add option or config file to control what server(s) to use. + +Low priority: +* Add a mode that, given a log file, displays what developer(s) gpg keys + signed activity in the log file. For use when a developer did something + wrong, to examine the proof of malfesence. +* loadLog should verify the hashes (and signatures) in the log, and + refuse to use logs that are not valid proofs of a session. + (--replay and --graphvis need this; server's use of loadLog does not) + Everything else in debug-me checks a session's proof as it goes. + And, everything that saves a log file checks the proof as it goes, + so perhaps this is not actually necessary? +* GPG WoT is checked by querying pgp.cs.uu.nl, could use wotsap if it's + locally installed. However, the version of wotsap in debian only supports + short, insecure keyids, so is less secure than using the server. +* Once we have a WoT path, we could download each gpg key in the path and + verify the path. This would avoid trusting pgp.cs.uu.nl not to be evil. + Not done yet, partly because downloading a lot of gpg keys is expensive. -- cgit v1.2.3
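Review bot: the commit message is a subject line only, and it is misspelled ("propritize"), so nothing records why the two WoT items removed in the first hunk (@@ -1,9 +1,3 @@) drop from the top of TODO to the very end of the new "Low priority" list. The second item says verifying the path locally "would avoid trusting pgp.cs.uu.nl not to be evil", which is a trust decision. A one-line body stating why that is acceptable for now would make the reordering reviewable later.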
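Review bot: in the second hunk (@@ -32,15 +26,6 @@) the loadLog item is demoted while its own text is still undecided. It says "--replay and --graphvis need this" and then ends with "so perhaps this is not actually necessary?". Suggest settling that question in the item before lowering its priority, or leaving it in the main list until it is settled. The item removed with it (showing which developer gpg keys signed activity in a log file, "to examine the proof") reads a log file as a proof, so it could be noted as depending on loadLog verification.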
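Review bot: in the third hunk (@@ -73,4 +58,24 @@) the two new items at the top of the added block are order-dependent but are listed as independent. Making a spun-up server the default, "not localhost", before the "option or config file to control what server(s) to use" exists would leave the default as the only choice. Suggest merging them or stating that the option comes first. The item kept in the main list as context in the previous hunk, about abusing servers to store large quantities of data, applies directly to a default server and could be cross-referenced here. Since the moved lines are re-added anyway, "malfesence" could be corrected to "malfeasance" in the same change.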