File: TODO

package info (click to toggle)
debsig-verify 0.16
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 704 kB
  • sloc: sh: 5,799; ansic: 984; makefile: 154
file content (21 lines) | stat: -rw-r--r-- 867 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
* Is there a GnuPG library we can link against instead of execing gpg?
  - Yes, there is PGG, but it is merely a wrapper around the GPG binary. A
    very good wrapper, but it is hugely overweight for what we need.
    Basically this may be a dead issue. Otherwise, we should probably start
    using the --with-colon and --status-fd output for better parsing of
    the verify and keyring output.

* Figure out how to integrate this more tigthly with the package tools
  (apt, dpkg etc..).

* Expiry still needs to be handled.

* Add some more info to the verbose output.
  STATUS: in progress

* Obviously this needs more code auditing.
  - The code uses static buffers and length constrained functions (snprintf,
    strncmp) where ever possible, but in some cases it might make sense to
    switch them to dynamically allocated buffers instead.

* I18n and l10n.