From 5e73ae20956e409b7f70ab292af360aa41b49c93 Mon Sep 17 00:00:00 2001 From: Cameron Dale Date: Fri, 7 Mar 2008 16:38:33 -0800 Subject: [PATCH] Another TODO item. --- TODO | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/TODO b/TODO index 192670b..f726992 100644 --- a/TODO +++ b/TODO @@ -61,6 +61,16 @@ first piece, in which case it is downloaded from a 3rd peer, with consensus revealing the misbehaving peer. +Consider tracking security issues with packages. + +Since sharing information with others about what packages you have +downloaded (and probably installed) is a possible security +vulnerability, it would be advantageous to not share that information +for packages that have known security vulnerabilities. This would +require some way of obtaining a list of which packages (and versions) +are vulnerable, which is not currently available. + + Consider adding peer characteristics to the DHT. Bad peers could be indicated in the DHT by adding a new value that is -- 2.39.5