Tomb/doc/TODO.org

130 lines
4.1 KiB
Org Mode
Raw Permalink Normal View History

TODO and Roadmap for Tomb
you are welcome to send patches to jaromil@dyne.org
Issue tracking is now handled via GitHub, see http://github.com/dyne/Tomb
Roadmap notes:
* Release 3.0
2014-04-15 10:56:00 +00:00
*** [#A] integrate the zenroom for custom crypto functions
https://decodeproject.github.io/lua-zenroom
*** [#A] study cryptsetup 2.0 and integrate it
In particular kernel keystore functionalities
*** [#A] support BtrFS and snapshots
*** [#B] modular encryption system support
2014-04-15 10:56:00 +00:00
to go beyond dm-crypt/cryptsetup
2014-04-15 10:56:00 +00:00
ecryptfs, tc-play
2014-04-15 10:56:00 +00:00
needs tomb marks appended at end of tombs
2014-04-15 10:56:00 +00:00
*** [#B] udev rules to avoid usb automount of keyplug in gnome
*** [#B] sign and verify tomb script integrity
2014-04-15 10:56:00 +00:00
*** [#B] analyse and show tomb entropy using libdisorder
*** [#B] use inotify on tomb
2014-04-15 10:56:00 +00:00
inotify can also count when was the last time tomb was used and
unmount it automatically after a timeout, see how much free space
is left and warn when the space is almost finished
*** DONE [#A] system to split passwords in parts
CLOSED: [2018-01-03 Wed 19:48]
solved with secrets.dyne.org
*** DONE [#B] make a graphical tomb undertaker (gnome-druid in glade?)
CLOSED: [2018-01-03 Wed 19:49]
solved by gtomb and qtomb
2014-04-15 10:56:00 +00:00
** Notes from #CybRes
2014-04-15 10:56:00 +00:00
*** mlocall per swap )vecna) rompigli il caz su github
*** steganografia migliore con outguess? (vecna)
*** velocita' creazione : fallocate -l 10G (scuall8907@gm)
* DONE Release 2.0 :100%:
** [#A] support for ZFS filesystem (revisioning, bitrot)
** [#A] support for partition-based tombs
** DONE [#B] Internationalization using gettext
Started generating the strings, still need to figure out how to
install it
** DONE [#B] better tomb locksmith code for key management
** DONE [#B] backup keys on qrcodes
** DONE [#B] indeep security analysis of possible vulnerabilities
** [#C] more gtk dialogs for configurations? keep it minimal!
* DONE Release 1.0 :100%:
** TODO [#C] make one single status handle more tombs
** TODO [#C] decorate creation wizard with ASCII art
** DONE [#B] remove gnome dependencies from tomb core :jaromil:
gksu is deeply connected to gnome in all its packages. actually
libgksu2-dev is and that doesn't helps.
gksu binary is a very simple and dirty code, we should have
tomb-ask to use the libgksu library for privilege escalation, but
then this would add the dependency into C linking...
the solution is for now to detect if gksu is present, else fallback
to sudo and provide it an interface to ask the password graphically
via pinentry
** DONE [#B] SLAM tomb and kill all applications using it :anathema:
using lsof and fuser(1) we can do that easily
we should ask user confirmation when closing a tomb if to slam
tomb-askpass will become tomb-ask managing such user interaction,
using libassuan and pinentry from the gpg project.
** DONE [#B] fix operation without DISPLAY (over SSH) :hellekin:
** DONE [#A] steganography to store tomb key :jaromil:
steghide can hide keys in JPG, BMP, WAV or AU files it also takes
care of compressing end encrypting the key file so we don't
necessarily need gpg... it has Serpent and AES256 (CBC)
2011-02-09 12:06:45 +00:00
** DONE [#A] use a posix thread instead of fork for status close :jaromil:
** DONE [#A] use a config file to map bind mounts :jaromil:
done as file 'bind-hooks' inside tom. also 'post-hooks' is executed
as user in case symlinks are needed and so
using mount -o bind we can trigger actions to be made after mounting
a tomb so that personal directories appear in the home folder.
** DONE [#A] desktop integration the freedesktop way :jaromil:
** DONE [#B] debian packaging with desktop integration :jaromil:
** DONE [#A] Avoid overwriting key on exhume on same filename
** DONE [#A] Should refuse opening a tomb that is already open :jaromil:
2011-02-09 12:06:45 +00:00
* TODO Porting to MS/Windows
using FReeOTFE http://www.freeotfe.org
or at least make it compatible with http://www.sdean12.org/SecureTrayUtil.htm
* TODO Porting to Apple/OSX
still to be investigated what's there that supports cryptsetup-luks volumes. hditool, tcplay...