mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-26 23:06:28 +00:00
110 lines
3.7 KiB
Org Mode
110 lines
3.7 KiB
Org Mode
|
|
TODO and Roadmap for Tomb
|
|
|
|
you are welcome to send patches to jaromil@dyne.org
|
|
|
|
Issue tracking is now handled via GitHub, see http://github.com/dyne/Tomb
|
|
|
|
Old roadmap notes:
|
|
|
|
|
|
|
|
* TODO Release 2.0 :00%:
|
|
|
|
Must be 100% backward compatible with tombs created with 1.0
|
|
|
|
|
|
** New features
|
|
*** [#A] support for ZFS filesystem (revisioning, bitrot)
|
|
*** [#A] support for partition-based tombs
|
|
*** [#B] system to split keys in parts (ssss)
|
|
*** [#A] udev rules to avoid usb automount of keyplug in gnome
|
|
*** [#B] sign and verify tomb script integrity (executed as root)
|
|
*** TODO [#B] Internationalization using gettext :jaromil:
|
|
|
|
Started generating the strings, still need to figure out how to
|
|
install it
|
|
|
|
*** [#B] make a gnome tomb undertaker using gnome-druid in glade
|
|
*** DONE [#B] tomb locksmith for key management
|
|
a graphical tool or text wizard to move keys in/out steganography
|
|
as well split them
|
|
|
|
*** DONE [#B] transport keys and integrity checksums on qrcodes
|
|
*** [#B] analyse and show tomb entropy using libdisorder
|
|
*** [#B] indeep security analysis of possible vulnerabilities
|
|
*** [#C] use inotify on tomb
|
|
|
|
inotify can also count when was the last time tomb was used and
|
|
unmount it automatically after a timeout, see how much free space
|
|
is left and warn when the space is almost finished
|
|
*** [#C] more gtk dialogs for configurations? keep it minimal!
|
|
|
|
|
|
* Notes from #CybRes
|
|
|
|
*** mlocall per swap )vecna) rompigli il caz su github
|
|
*** steganografia migliore con outguess? (vecna)
|
|
*** velocita' creazione : fallocate -l 10G (scuall8907@gm)
|
|
|
|
|
|
* DONE Release 1.0 :100%:
|
|
|
|
** TODO [#C] make one single status handle more tombs
|
|
** TODO [#C] decorate creation wizard with ASCII art
|
|
|
|
** DONE [#B] remove gnome dependencies from tomb core :jaromil:
|
|
|
|
gksu is deeply connected to gnome in all its packages. actually
|
|
libgksu2-dev is and that doesn't helps.
|
|
|
|
gksu binary is a very simple and dirty code, we should have
|
|
tomb-ask to use the libgksu library for privilege escalation, but
|
|
then this would add the dependency into C linking...
|
|
|
|
the solution is for now to detect if gksu is present, else fallback
|
|
to sudo and provide it an interface to ask the password graphically
|
|
via pinentry
|
|
|
|
** DONE [#B] SLAM tomb and kill all applications using it :anathema:
|
|
|
|
using lsof and fuser(1) we can do that easily
|
|
|
|
we should ask user confirmation when closing a tomb if to slam
|
|
|
|
tomb-askpass will become tomb-ask managing such user interaction,
|
|
using libassuan and pinentry from the gpg project.
|
|
|
|
** DONE [#B] fix operation without DISPLAY (over SSH) :hellekin:
|
|
** DONE [#A] steganography to store tomb key :jaromil:
|
|
|
|
steghide can hide keys in JPG, BMP, WAV or AU files it also takes
|
|
care of compressing end encrypting the key file so we don't
|
|
necessarily need gpg... it has Serpent and AES256 (CBC)
|
|
|
|
** DONE [#A] use a posix thread instead of fork for status close :jaromil:
|
|
** DONE [#A] use a config file to map bind mounts :jaromil:
|
|
|
|
done as file 'bind-hooks' inside tom. also 'post-hooks' is executed
|
|
as user in case symlinks are needed and so
|
|
|
|
using mount -o bind we can trigger actions to be made after mounting
|
|
a tomb so that personal directories appear in the home folder.
|
|
|
|
** DONE [#A] desktop integration the freedesktop way :jaromil:
|
|
** DONE [#B] debian packaging with desktop integration :jaromil:
|
|
** DONE [#A] Avoid overwriting key on exhume on same filename
|
|
** DONE [#A] Should refuse opening a tomb that is already open :jaromil:
|
|
|
|
|
|
* TODO Porting to Win$loth
|
|
|
|
using FReeOTFE http://www.freeotfe.org
|
|
|
|
or at least make it compatible with http://www.sdean12.org/SecureTrayUtil.htm
|
|
|
|
* TODO Porting to Apple/OSX
|
|
|
|
still to be investigated what's there that supports cryptsetup-luks volumes
|
|
|