Tomb/TODO.org


TODO and Roadmap for Tomb

you are welcome to send patches to jaromil@dyne.org

* Release 1.0							:90%:

** TODO [#C] make one single status handle more tombs
** TODO [#C] decorate creation wizard with ASCII art

** DONE [#B] remove gnome dependencies from tomb core		    :jaromil:

   gksu is deeply connected to gnome in all its packages.  actually
   libgksu2-dev is and that doesn't helps.

   gksu binary is a very simple and dirty code, we should have
   tomb-ask to use the libgksu library for privilege escalation, but
   then this would add the dependency into C linking...

   the solution is for now to detect if gksu is present, else fallback
   to sudo and provide it an interface to ask the password graphically
   via pinentry

** DONE [#B] SLAM tomb and kill all applications using it	   :anathema:

   using lsof and fuser(1) we can do that easily

   we should ask user confirmation when closing a tomb if to slam

   tomb-askpass will become tomb-ask managing such user interaction,
   using libassuan and pinentry from the gpg project.

** DONE [#B] fix operation without DISPLAY (over SSH)		   :hellekin:
** DONE [#A] steganography to store tomb key			    :jaromil:

   steghide can hide keys in JPG, BMP, WAV or AU files it also takes
   care of compressing end encrypting the key file so we don't
   necessarily need gpg... it has Serpent and AES256 (CBC)

** DONE [#A] use a posix thread instead of fork for status close    :jaromil:
** DONE [#A] use a config file to map bind mounts 		    :jaromil:

   done as file 'bind-hooks' inside tom. also 'post-hooks' is executed
   as user in case symlinks are needed and so

   using mount -o bind we can trigger actions to be made after mounting
   a tomb so that personal directories appear in the home folder.

** DONE [#A] desktop integration the freedesktop way		    :jaromil:
** DONE [#B] debian packaging with desktop integration 		    :jaromil:


* TODO Release 2.0							:00%:

100% backward compatible with tombs created with 1.0 

** [#A] use inotify on tomb

   inotify can also count when was the last time tomb was used and
   unmount it automatically after a timeout

** [#A] udev rules to avoid usb automount of keyplug in gnome

** [#A] sign and verify tomb script integrity (executed as root)

** [#B] make a gnome tomb undertaker using gnome-druid in glade
** [#B] tomb locksmith for key management
   a graphical tool or text wizard to move keys in/out steganography
   as well split them
** [#B] system to split keys in parts (ssss)

** [#B] transport keys and integrity checksums on qrcodes

** [#B] analyse and show tomb entropy using libdisorder

** [#B] indeep security analysis of possible vulnerabilities

** [#C] more gtk dialogs for configurations? keep it minimal!

* TODO Porting to Win$loth

  using FReeOTFE http://www.freeotfe.org

  or at least make it compatible with http://www.sdean12.org/SecureTrayUtil.htm

* TODO Porting to Apple/OSX

  still to be investigated what's there that supports cryptsetup-luks volumes
version bump and better TODO with roadmap 2011-02-06 16:44:01 +00:00
			`TODO and Roadmap for Tomb`

			`you are welcome to send patches to jaromil@dyne.org`

new elements in TODO after some researc on portability on windows also decided to separate tomb in two deb packages: tomb and tomb-gnome (or tomb-gtk) 2011-02-13 14:42:30 +00:00			`* Release 1.0 :90%:`
version bump and better TODO with roadmap 2011-02-06 16:44:01 +00:00
colors! :) and documentation for tomb list 2011-05-09 08:32:08 +00:00			`** TODO [#C] make one single status handle more tombs`
			`** TODO [#C] decorate creation wizard with ASCII art`
fixed sudo for privilege excalation, gksu is not anymore a requirement also updated Todo items 2011-02-13 11:29:07 +00:00
colors! :) and documentation for tomb list 2011-05-09 08:32:08 +00:00			`** DONE [#B] remove gnome dependencies from tomb core :jaromil:`
fixed sudo for privilege excalation, gksu is not anymore a requirement also updated Todo items 2011-02-13 11:29:07 +00:00
			`gksu is deeply connected to gnome in all its packages. actually`
			`libgksu2-dev is and that doesn't helps.`

			`gksu binary is a very simple and dirty code, we should have`
			`tomb-ask to use the libgksu library for privilege escalation, but`
			`then this would add the dependency into C linking...`

			`the solution is for now to detect if gksu is present, else fallback`
			`to sudo and provide it an interface to ask the password graphically`
			`via pinentry`
TODO updates and enable-debug configure flag 2011-02-07 08:44:13 +00:00
colors! :) and documentation for tomb list 2011-05-09 08:32:08 +00:00			`** DONE [#B] SLAM tomb and kill all applications using it :anathema:`

			`using lsof and fuser(1) we can do that easily`
TODO updates and enable-debug configure flag 2011-02-07 08:44:13 +00:00
colors! :) and documentation for tomb list 2011-05-09 08:32:08 +00:00			`we should ask user confirmation when closing a tomb if to slam`

			`tomb-askpass will become tomb-ask managing such user interaction,`
			`using libassuan and pinentry from the gpg project.`
fixed sudo for privilege excalation, gksu is not anymore a requirement also updated Todo items 2011-02-13 11:29:07 +00:00
colors! :) and documentation for tomb list 2011-05-09 08:32:08 +00:00			`** DONE [#B] fix operation without DISPLAY (over SSH) :hellekin:`
en/decode steganographic commands are renamed to bury and exhume documentation updates reflect new features, manpage now refers to arguments of different nature 2011-02-12 16:54:53 +00:00			`** DONE [#A] steganography to store tomb key :jaromil:`

			`steghide can hide keys in JPG, BMP, WAV or AU files it also takes`
			`care of compressing end encrypting the key file so we don't`
			`necessarily need gpg... it has Serpent and AES256 (CBC)`

TODO reorganization 2011-02-09 12:06:45 +00:00			`** DONE [#A] use a posix thread instead of fork for status close :jaromil:`
			`** DONE [#A] use a config file to map bind mounts :jaromil:`

			`done as file 'bind-hooks' inside tom. also 'post-hooks' is executed`
			`as user in case symlinks are needed and so`

			`using mount -o bind we can trigger actions to be made after mounting`
			`a tomb so that personal directories appear in the home folder.`

			`** DONE [#A] desktop integration the freedesktop way :jaromil:`
			`** DONE [#B] debian packaging with desktop integration :jaromil:`

slam wish in todo 2011-02-07 11:06:37 +00:00
TODO updates and enable-debug configure flag 2011-02-07 08:44:13 +00:00			`* TODO Release 2.0 :00%:`
version bump and better TODO with roadmap 2011-02-06 16:44:01 +00:00
			`100% backward compatible with tombs created with 1.0`

suggestion from caedes on automatic umount after a while unused 2011-02-10 14:03:45 +00:00			`** [#A] use inotify on tomb`

			`inotify can also count when was the last time tomb was used and`
			`unmount it automatically after a timeout`
version bump and better TODO with roadmap 2011-02-06 16:44:01 +00:00
			`** [#A] udev rules to avoid usb automount of keyplug in gnome`

			`** [#A] sign and verify tomb script integrity (executed as root)`

new elements in TODO after some researc on portability on windows also decided to separate tomb in two deb packages: tomb and tomb-gnome (or tomb-gtk) 2011-02-13 14:42:30 +00:00			`** [#B] make a gnome tomb undertaker using gnome-druid in glade`
updates in todo 2011-02-08 10:00:46 +00:00			`** [#B] tomb locksmith for key management`
			`a graphical tool or text wizard to move keys in/out steganography`
			`as well split them`
version bump and better TODO with roadmap 2011-02-06 16:44:01 +00:00			`** [#B] system to split keys in parts (ssss)`

			`** [#B] transport keys and integrity checksums on qrcodes`

			`** [#B] analyse and show tomb entropy using libdisorder`

			`** [#B] indeep security analysis of possible vulnerabilities`

			`** [#C] more gtk dialogs for configurations? keep it minimal!`

new elements in TODO after some researc on portability on windows also decided to separate tomb in two deb packages: tomb and tomb-gnome (or tomb-gtk) 2011-02-13 14:42:30 +00:00			`* TODO Porting to Win$loth`

			`using FReeOTFE http://www.freeotfe.org`

			`or at least make it compatible with http://www.sdean12.org/SecureTrayUtil.htm`

			`* TODO Porting to Apple/OSX`

			`still to be investigated what's there that supports cryptsetup-luks volumes`