-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathTODO
54 lines (41 loc) · 2.07 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
* Add tests for no matched IDs.
* Add tests for weak algorithms in keys.
* Add tests for key expiry.
* Add tests for optional, reject selections/verification policies.
* Add tests for failing required verifications.
* Add tests for multiple UIDs or keys, need fixes in code.
* Update comments in example policies.
* Redesign format:
- Should be stored in a sigs.tar ar member.
- Should be able to add other origin signatures (namespace them?).
- Should sign entire thing up to the sigs.tar member, no need to extract
and concat.
- How to handle key rotation or different keys for different archive or
releases from the same origin?
* Redesign policies:
- Do not require XML.
- Do not require fetching the fingerprint for signatures and keys.
- Use the origin name as entry point, and role names to refer to keyrings.
- Use filesystem as policy declaration? For example:
<policy-dir>/keyrings/debian/origin.pgp
<policy-dir>/keyrings/debian/role-maint.pgp
<policy-dir>/keyrings/debian/role-uploader.pgp
<policy-dir>/keyrings/debian/role-builder.pgp
- Use a deb822 file for a policy file to denote optional/required/reject?
* Is there a GnuPG library we can link against instead of execing gpg?
- Yes, there is PGG, but it is merely a wrapper around the GPG binary. A
very good wrapper, but it is hugely overweight for what we need.
Basically this may be a dead issue. Otherwise, we should probably start
using the --with-colon and --status-fd output for better parsing of
the verify and keyring output.
* Figure out how to integrate this more tightly with the package tools
(apt, dpkg etc..).
- Move all .deb format handling into libdpkg.
- Merge into dpkg-deb, once the only dependency is gpgv/sqv/sqop.
* Add some more info to the verbose output.
STATUS: in progress
* Obviously this needs more code auditing.
- The code uses static buffers and length constrained functions (snprintf,
strncmp) where ever possible, but in some cases it might make sense to
switch them to dynamically allocated buffers instead.
* I18n and l10n.