File: TODO

package info (click to toggle)
impass 0.14.1-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 264 kB
  • sloc: python: 1,267; sh: 981; makefile: 36
file content (91 lines) | stat: -rw-r--r-- 4,485 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
 
 * ENHANCEMENT: advanced create gui.  allows editing context, password
   and potentially expiration.  password edit should provide
   statistics about password (number of characters/numbers/special
   characters/etc.).  ctrl+e could be shortcut key.

 * ENHANCEMENT: entry edit gui.  allows editing context, password and
   potentially expiration.  password edit should provide statistics
   about password (number of characters/numbers/special
   characters/etc.).  ctrl+e could be shortcut key.

 * ENHANCEMENT: add password expiration.  User enters expiration in
   "natural language", which is resolved to future date expiration.
   Expiration date and specified delta are stored, so delta can be
   used to suggest expirations in the future.

 * ENHANCEMENT: store context history in separate encrypted file.  gui
   should allow navigating history (via arrows and other command keys)
   when the context field is empty.  Break out Database class into
   generic encrypted json store class the both Database and History
   classes can inherit from.

 * BUG: assword crashes when it gets EOF on stdin when prompting or
   when ASSWORD_PASSWORD=prompt.

 * ENHANCEMENT: ASSWORD_PASSWORD=stdin should just read the password
   from the first line of stdin (discarding trailing newlines).  not
   sure how this should interact with the situation where no context
   is supplied.

 * ENHANCEMENT: xdo has two input methods -- one based on XSendEvent,
   and one based on injecting keystrokes into the X session as a whole
   (the difference is whether a window ID parameter is passed to
   "type").  We use the latter right now in gui despite its
   possibility of leakage because some X11 applications ignore
   XSendEvent input.  Provide some hinting mechanism derived from the
   window in question to conditionally enable XSendEvent instead.

 * ENHANCEMENT: can we use python clipboard bindings instead of
   "xclip -i"?

 * ENHANCEMENT: preseed context in gui.  use the target window title
   and/or pid to pre-seed the search box in "assword gui" (this should
   be pre-selected text so it is easy to start typing something else)
   if selected window is known browser, and it's possible to extract
   url, preseed context search with hostname of url.

 * ENHANCEMENT: gui create action should modify the database, move
   the user's focus back into the textentry (highlighting the whole
   entry text), disable the "Create" button, and *not* explicitly
   select and terminate.  The user can then select in the usual way
   (pressing enter) or can continue without selecting.

 * ENHANCEMENT: review gui label texts and make sure they're saying
   reasonable things in different parts of the workflow.

 * ENHANCEMENT: ctrl+del from gui when a matching context is
   present should allow deletion of the indicated password.  This
   should probably prompt for confirmation.

 * ENHANCEMENT: support multiple DB files. change current DB path to
   directory.  app opens all available db files and presents a unified
   them in a single entry dict that can be searched/edited/etc.
   entries should store db source and present to user adjacent to
   context.  Entry edits should go back to the appropriate db file.
   db files should store name and version in internal db metadata, and
   file name should include version number.

 * ENHANCEMENT: multi db syncronization. maybe start with a
   centralized, SVN-like-without-history system.  pull remotes.  db
   edits increment db version number.  pushes succeed transparently if
   remote has same version as last sync.  if remote version has been
   incremented initiate local-side merge.

 * ENHANCEMENT: associate default _XPASTE mechanisms with some
   contexts: if you know that certain passwords work with tools that
   prefer certain _XPASTE mechanisms, that ought to be something
   assword can figure out.  see 526990F5.6050700@guerrier.com and
   following discussion.

 * ENHANCEMENT: import scripts from common password stores
   (e.g. ~/.mozilla/firefox/*.default/signons.sqlite)

 * ENHANCEMENT: guess about target window to determine default _XPASTE
   mechanism (e.g. we know iceweasel works with one _XPASTE mechanism,
   but rxvt works with another one) -- we can guess by looking at the
   process that controls the window and/or the window title or other
   things (we might need to expand python-xdo to get these guesses)

 * ENHANCEMENT: test for various PASSWORD values

 * ENHANCEMENT: gui error dialog